i disagree with this:
1. i might not want to download the key: the message may be in the
"macht nichts" category
2. there are 3 options available to the user:
2a do nothing
2b try to get the key from the keyserver ( which keyserver, btw
)
2c ask the sender to send his|her key
it is critical not to cripple this thing by trying to make things
too automatic. we'll end up like SSL/TLS
i like the idea of a pen with a ? mark over it for those messages
which are signed but for which we do not have a local copy of the
sender's public key
On 09/22/2015 01:18 PM, Robert J.
Hansen wrote:
("Expired *or revoked*"?)
My list wasn't meant to be comprehensive.
The red-X would mean "there is a critical and unrecoverable problem,
click for more details."
the element you are missing is:
* message is signed
* no local copy of sender's Public Key
* what action do you want to take ?
As much as I'm inclined to agree with limiting the number of states,
it's hard to argue this point. What about a pen with '?' over it?
When processing a message for which there's no corresponding
certificate, Enigmail should try and fetch the certificate
automagically. If successful, great. 90% or more of the time it'll
succeed, and thus 90% of this problem goes away.
If the message is signed, there's no local copy of the sender's public
key, and it can't be found on the keyservers -- then that's a critical
and unrecoverable problem, and gets the big red X.
_______________________________________________
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
--
/Mike
|
signature.asc
Description: OpenPGP digital signature
_______________________________________________
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
