On 09/20/15 14:01, Robert J. Hansen wrote:
> The arguments in favor of trinary:
> 
> * Many users are going to want three states even though, IMO, the third
> state is useless.
> 
> A bad signature on an email message, contrary to popular belief in the
> community, doesn't mean the message was tampered with.  99% of the time
> it's evidence the *signature* was tampered with.  PGP/MIME is infamous
> here: MUAs play hob with attachments and repackage the signature up in
> weird ways.  So a bad signature, by itself, doesn't tell you anything
> about whether the message has been changed.  All that a bad signature
> tells you is the sender thought the message was important enough to add
> an authenticity/identity measure, but authenticity/identity cannot be
> assured.  And if we're saying "authenticity/identity cannot be assured",
> then really, that's no different from no signature at all -- so it
> should use the same black text as no signature at all.

Actually, I dispute this.  There is an important functional, not just
human, distinction between 'Sender made no attempt to provide
authentication on this message' and 'Sender attempted to provide
authentication on this message, *but something went wrong*'.  In the
latter case, if it is an important communication, you may wish to
contact the sender by other means to verify authenticity.  In the former
case, there is no reason to do so.  It could be crucial to know which
case is in effect, but we can't expect users to look at the authenticity
details on every message to find out whether there was *no* signature or
a *failed* (for whatever reason) signature.  So we need the interface to
let them distinguish at a glance between no signature and failed
signature.  It is then up to the user to decide whether or not they need
to investigate a failed signature further.


> So... yeah.  My inner crypto nerd says the binary choice is a more
> accurate representation of reality.  My inner UX geek says the trinary
> choice is what users will want and feel more comfortable with.  The nerd
> and the geek are fighting for control of my soul.  :)

In this case, I think the crypto nerd has overlooked an important
aspect.  :)  A failed or invalid signature is *cryptographically*
equivalent to no signature, but it is not *functionally* equivalent,
because a failed or invalid signature means that the sender *tried* to
authenticate the message, implying that it may have been important to do so.


-- 
  Phil Stracchino
  Babylon Communications
  ph...@caerllewys.net
  p...@co.ordinate.org
  Landline: 603.293.8485

Attachment: signature.asc
Description: OpenPGP digital signature
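The three-state model argued for above (no signature / good signature / signature present but not verifiable) is what an MUA has to derive from GnuPG's machine-readable output before it can colour anything. The following is an added example, not Enigmail code and not from either poster: it assumes the `[GNUPG:] KEYWORD args` line format and the GOODSIG/BADSIG/ERRSIG/EXPSIG/EXPKEYSIG/REVKEYSIG/NODATA keywords documented in GnuPG's doc/DETAILS, and the status transcripts and key ID embedded in it are constructed for illustration, not captured from a real run.

```python
"""Collapse a GnuPG --status-fd transcript into the three display states
discussed in the thread.  Added example; assumes the keyword vocabulary in
GnuPG's doc/DETAILS.  All sample lines below are constructed."""

import re
from dataclasses import dataclass
from enum import Enum
from typing import Iterable, Optional


class SigState(Enum):
    NONE = "no signature"                              # sender made no attempt
    GOOD = "good signature"
    FAILED = "signature present but not verifiable"    # the disputed third state


@dataclass
class Verdict:
    state: SigState
    reason: str
    key_id: Optional[str] = None


# GnuPG writes "[GNUPG:] KEYWORD args..." lines on the --status-fd descriptor.
_STATUS = re.compile(r"^\[GNUPG:\]\s+(\S+)(?:\s+(.*))?$")

# ERRSIG fields: keyid pkalgo hashalgo sig_class time rc [fpr];
# rc 4 = unknown algorithm, rc 9 = missing public key (doc/DETAILS).
_ERRSIG_RC = {"4": "unsupported algorithm", "9": "public key not available"}


def parse_status(lines: Iterable[str]):
    """Yield (keyword, args) pairs, ignoring anything that is not a status line."""
    for line in lines:
        m = _STATUS.match(line.strip())
        if m:
            yield m.group(1), (m.group(2) or "")


def classify(lines: Iterable[str]) -> Verdict:
    """Map a status transcript onto one of the three states.

    Any failure keyword wins over GOODSIG, so a message carrying several
    signatures is only GOOD if every one of them verified.  The reason string
    is what gives the user the hook to decide whether to investigate further.
    """
    seen = dict(parse_status(lines))  # keyword -> args (presence is what matters)

    if "BADSIG" in seen:
        return Verdict(SigState.FAILED,
                       "signature does not match the content (content or signature altered)",
                       seen["BADSIG"].split()[0])
    if "ERRSIG" in seen:
        fields = seen["ERRSIG"].split()
        rc = fields[5] if len(fields) > 5 else ""
        return Verdict(SigState.FAILED,
                       "could not check signature: " + _ERRSIG_RC.get(rc, f"gpg rc={rc or '?'}"),
                       fields[0])
    # GnuPG reports these as otherwise-good signatures with a key or signature
    # problem; authenticity still cannot be assured, so they land in FAILED.
    for kw, why in (("REVKEYSIG", "signing key is revoked"),
                    ("EXPKEYSIG", "signing key has expired"),
                    ("EXPSIG", "signature has expired")):
        if kw in seen:
            return Verdict(SigState.FAILED, why, seen[kw].split()[0])
    if "GOODSIG" in seen:
        return Verdict(SigState.GOOD, "signature verified", seen["GOODSIG"].split()[0])
    # No signature keyword at all: either gpg was never run (unsigned mail) or it
    # found no OpenPGP data (NODATA).  Both are the "no attempt" state.
    return Verdict(SigState.NONE, "no signature found")


# Constructed transcripts; the key ID is fictitious.
SAMPLE_GOOD = [
    "[GNUPG:] NEWSIG",
    "[GNUPG:] GOODSIG 3A1F2C4D5E6F7A8B Example Signer <signer@example.org>",
    "[GNUPG:] TRUST_FULLY 0 pgp",
]
SAMPLE_BAD = [
    "[GNUPG:] NEWSIG",
    "[GNUPG:] BADSIG 3A1F2C4D5E6F7A8B Example Signer <signer@example.org>",
]
SAMPLE_NOKEY = [
    "[GNUPG:] NEWSIG",
    "[GNUPG:] ERRSIG 3A1F2C4D5E6F7A8B 1 8 00 1442773260 9",
    "[GNUPG:] NO_PUBKEY 3A1F2C4D5E6F7A8B",
]
SAMPLE_UNSIGNED = ["[GNUPG:] NODATA 1"]


if __name__ == "__main__":
    for name, sample in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD),
                         ("nokey", SAMPLE_NOKEY), ("unsigned", SAMPLE_UNSIGNED)):
        v = classify(sample)
        print(f"{name:9s} -> {v.state.value}: {v.reason}")
```

Note that BADSIG and ERRSIG both end up in the same third state but with different reasons: the first says the signature was checked and did not match, the second that it could not be checked at all. That distinction is exactly what a user needs when deciding whether a failed signature is worth a phone call.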

_______________________________________________
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net