On Sun 2015-09-20 11:13:36 -0700, Phil Stracchino <ph...@caerllewys.net> wrote:
> A failed or invalid signature is *cryptographically* equivalent to no
> signature; but it is not *functionally* equivalent. Because a failed
> or invalid signature means that the sender *tried* to authenticate the
> message, implying that it may have been important to do so.

But it doesn't mean this either. A failed or invalid signature could also mean that someone else (an attacker) tried to convince you that the supposed sender did something, even though you have no idea what it is.

I'm with Robert here on the idea that we should not strive to provide a strong visual distinction between "bad signature" and "no signature" -- they offer the same level of cryptographic assurance.

If we provide scary UI that says "signature failed, consider checking with the sender" and nothing scary when there is no signature at all, then an attacker who tampers with the message can just strip all indications of a signature before sending it on to avoid triggering the scary UI.

--dkg