Frederick Roeber wrote:
>it sends a somewhat-preformatted
>message, which the other mailer can recognize and handle specially.
>
An "X-Something:" header could be used, if we want to do that.
>But then you have to trust the key servers, and we're back where we
>started.
>
You don't trust key servers, you trust the keychain. But then, we're
back at the web of trust model.
Or you verify the fingerprint yourself.
Hm, we could do the following: Whenever one of our users, who has a
cert/key, sends a mail, we insert a special "X-<SMIME/PGP>-Fingerprint:"
header. If we receive a key, which cannot be validated, we could offer a
button "Show me all stored mails, which are sent by the owner of the
key" (with a warning to ignore messages which *seem* to come from the
owner).
This would support the model I outlined: I never met somebody in RL and
probably never will and I don't care, if he uses his real name or a
pseudonym, but I nevertheless want secure mail exchange (encrypted and
signed) with him.
>I agree that popups are intrusive. I like the question mark on the
>icon. What's the current thinking on popups with "don't show this
>again" buttons?
>
(Almost) All popups should have this option. But they are still popups and
should be avoided.
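
The "show me all stored mails sent by the owner of the key" lookup proposed above, sketched as an added example that is not part of the original message or of any mailer's code. It assumes the header is concretely named `X-PGP-Fingerprint`, that the function and variable names are hypothetical, and that the header is sender-supplied and unauthenticated, so a real client would count a match only on mails whose signature also verified (not done here).

```python
from email import message_from_string
from email.utils import parseaddr

HEADER = "X-PGP-Fingerprint"  # assumed concrete name for the proposed header

def norm(fpr):
    """Normalise a fingerprint: drop spaces and punctuation, upper-case."""
    return "".join(c for c in (fpr or "") if c.isalnum()).upper()

def mails_for_key(raw_mails, key_fpr, key_addr):
    """Split stored mails into those carrying the key's fingerprint and
    those that only *seem* to come from the owner (same From address,
    but a missing, different or conflicting fingerprint header)."""
    want = norm(key_fpr)
    matching, lookalike = [], []
    for raw in raw_mails:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        # All occurrences must agree; conflicting duplicates are suspect.
        seen = {norm(v) for v in msg.get_all(HEADER, [])}
        subject = msg.get("Subject", "")
        if seen == {want}:
            matching.append(subject)    # same key, whatever the From says
        elif sender == key_addr.lower():
            lookalike.append(subject)   # shown only behind the warning
    return matching, lookalike

# Constructed sample data: fingerprint, addresses and mails are made up.
FPR = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"
OTHER = "FFFF 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"

def mail(sender, subject, *fprs):
    lines = ["From: " + sender, "Subject: " + subject]
    lines += [HEADER + ": " + f for f in fprs]
    return "\n".join(lines) + "\n\nbody\n"

STORED = [
    mail("Alice <alice@example.org>", "hello", FPR),
    mail("alice@example.net", "new address", FPR.replace(" ", "").lower()),
    mail("Alice <alice@example.org>", "no header"),
    mail("Alice <alice@example.org>", "other key", OTHER),
    mail("Alice <alice@example.org>", "two headers", FPR, OTHER),
    mail("Bob <bob@example.org>", "unrelated"),
]

if __name__ == "__main__":
    same_key, seems_like = mails_for_key(STORED, FPR, "alice@example.org")
    print("same key:", same_key)
    print("only seem to come from the owner:", seems_like)
```
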