On Sun 2015-09-20 11:13:36 -0700, Phil Stracchino <ph...@caerllewys.net> wrote:
> A failed or invalid signature is *cryptographically* equivalent to no
> signature; but it is not *functionally* equivalent.  Because a failed
> or invalid signature means that the sender *tried* to authenticate the
> message, implying that it may have been important to do so.

But it doesn't mean this either.  A failed or invalid signature could
also mean that someone else (an attacker) tried to convince you that the
supposed sender did something, even though you have no idea what it is.

I'm with Robert here on the idea that we should not strive to provide a
strong visual distinction between "bad signature" and "no signature" --
they offer the same level of cryptographic assurance.  If we provide
scary UI that says "signature failed, consider checking with the sender"
and nothing scary when there is no signature at all, then an attacker
who tampers with the message can just strip all indications of a
signature before sending it on to avoid triggering the scary UI.

          --dkg
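As an added illustration of the point above (not code from the thread or from Enigmail), here is a small Python model of the two UI policies: a "naive" one that warns only on a failed signature, and an "assurance" one that treats failed and absent signatures alike. HMAC-SHA256 stands in for an OpenPGP signature, and the key and message are constructed for the example.

```python
import hashlib
import hmac
from enum import Enum
from typing import Optional


class SigState(Enum):
    GOOD = "good"   # signature present and verifies
    BAD = "bad"     # signature present but does not verify
    NONE = "none"   # no signature at all


def check_signature(body: bytes, sig: Optional[bytes], key: bytes) -> SigState:
    """Raw verification outcome. HMAC-SHA256 is an assumption standing in
    for the real signature scheme; only the three-way outcome matters here."""
    if sig is None:
        return SigState.NONE
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return SigState.GOOD if hmac.compare_digest(expected, sig) else SigState.BAD


def naive_ui(state: SigState) -> str:
    """Scary warning only for BAD; NONE shows nothing (the policy argued against)."""
    return {SigState.GOOD: "verified",
            SigState.BAD: "WARNING: signature failed",
            SigState.NONE: ""}[state]


def assurance_ui(state: SigState) -> str:
    """BAD and NONE give the same cryptographic assurance, so show the same thing."""
    return "verified" if state is SigState.GOOD else "unauthenticated"


def simulate(key: bytes) -> dict:
    """Run three deliveries through both policies: the genuine message, one an
    attacker altered but left signed, and one the attacker altered and stripped."""
    body = b"Please wire the payment to the usual account."  # constructed sample
    sig = hmac.new(key, body, hashlib.sha256).digest()
    altered = body.replace(b"usual", b"other")
    deliveries = {"original": (body, sig), "tampered": (altered, sig),
                  "stripped": (altered, None)}
    return {policy.__name__: {name: policy(check_signature(b, s, key))
                              for name, (b, s) in deliveries.items()}
            for policy in (naive_ui, assurance_ui)}


if __name__ == "__main__":
    for policy, outcomes in simulate(b"constructed-demo-key").items():
        print(policy, outcomes)
```

Under `naive_ui` the stripped delivery draws no warning at all, so stripping is the attacker's obvious move; under `assurance_ui` stripping and tampering are indistinguishable to the reader.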

_______________________________________________
enigmail-users mailing list
enigmail-users@enigmail.net