Hi! I use PGP signatures (actually gpg... Thunderbird+Enigmail) to sign my outgoing mails. SOGo's validation routine is apparently not capable of validating these signatures and reacts quite rudely. It generally displays only one of the following two messages to inform the user about the signature:

* *Message is signed* (SOGo for: Signature could be validated)
* *Digital signature is not valid* (SOGo for: Signature could *not* be validated)

These messages are highly misleading for two reasons:

1. "Message is signed" does not say anything about the signature's quality at all but in fact applies to any correctly or incorrectly signed mail.
2. "Digital signature is not valid" is in many cases plain wrong, telling the receiver that the mail has been corrupted. Here it just means that SOGo does not know whether or not the signature is correct.

Proper states could for example be:

* Message has a valid digital signature
* Message has a digital signature which could not be validated
* Message has an invalid digital signature
* Message has not been signed

Is it possible to change this behavior?

Best, Carsten

PS: I sign this mail as well, so you can directly test the issue.

signature.asc
Description: OpenPGP digital signature
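
The four states proposed in the message above, as an added example that is not part of the original post and is not SOGo's code: a classifier that only reports "invalid" when a backend actually checked the signature and it failed. The `verifiers` interface, `CannotVerify`, `demo_pgp_verifier` and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from enum import Enum

class SigState(Enum):  # the four states proposed in the post
    VALID = "Message has a valid digital signature"
    UNVERIFIED = "Message has a digital signature which could not be validated"
    INVALID = "Message has an invalid digital signature"
    UNSIGNED = "Message has not been signed"

class CannotVerify(Exception):
    """Raised by a backend that cannot decide, e.g. signer's key is unknown."""

def classify(raw: bytes, verifiers: dict) -> SigState:
    """verifiers (hypothetical interface) maps a multipart/signed 'protocol'
    value to a callable (signed_part_bytes, signature_bytes) -> bool."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/signed":
        return SigState.UNSIGNED
    parts = list(msg.iter_parts())
    verify = verifiers.get((msg.get_param("protocol") or "").lower())
    # No backend for this protocol, or a malformed container: the honest
    # answer is "unknown", not "invalid".
    if verify is None or len(parts) != 2:
        return SigState.UNVERIFIED
    try:
        # A real backend must be given the first part's original bytes;
        # re-serialising with as_bytes() is only adequate for this demo.
        ok = verify(parts[0].as_bytes(), parts[1].get_payload(decode=True))
    except CannotVerify:
        return SigState.UNVERIFIED
    return SigState.VALID if ok else SigState.INVALID

def demo_pgp_verifier(signed: bytes, sig: bytes) -> bool:
    # Constructed stand-in for an OpenPGP backend; performs no cryptography.
    if sig.strip() == b"NOKEY":
        raise CannotVerify("public key not available")
    return sig.strip() == b"GOOD"

def sample_signed(protocol: str, sig: str) -> bytes:
    # Constructed multipart/signed message (RFC 1847 layout), not real mail.
    return (
        f'Content-Type: multipart/signed; protocol="{protocol}"; boundary="b"\r\n\r\n'
        "--b\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
        f"--b\r\nContent-Type: {protocol}\r\n\r\n{sig}\r\n--b--\r\n"
    ).encode()

PGP = "application/pgp-signature"
for sig, backends in [("GOOD", {PGP: demo_pgp_verifier}), ("BAD", {PGP: demo_pgp_verifier}),
                      ("NOKEY", {PGP: demo_pgp_verifier}), ("GOOD", {})]:
    print(sig, bool(backends), "->", classify(sample_signed(PGP, sig), backends).value)
```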
