Hi Philip-- thanks for your thoughtful review of these scenarios. i only have time to respond to one of them now, but i think they all warrant further review and probably some functionality changes.
On 12/15/2013 12:43 PM, Philip Jackson wrote:
[a bunch of good diagnostics snipped]
> Fourth case : sender's key imported, Thunderbird restarted, trust level set
> to
> 'unknown' and sender's key signed by me. Thunderbird displays a green band
> with
> the message 'Part of the message signed; click on 'Details' button for more
> information + key ID and date signed.'
>
> The date signed is given as today's date and the time as when the email was
> first opened, I think - but I actually signed this key last October (according
> to Kleopatra).
In this case, enigmail is reporting the date that e-mail was signed, not
that the sender's OpenPGP certificate (a.k.a. "public key") was
certified. Since OpenPGP certificates are multi-issuer, there can be
many certifications on any given cert, and they can all have different
times. It only makes sense in this context for thunderbird to report
the message signature time, i think.
Is there a way you could re-phrase the enigmail header that would
clarify that the time/date reported is the message signature timestamp
instead of the certificate's certification timestamp?
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
