On Thu 2017-11-09 16:30:45 +0100, Werner Koch wrote:
> On Mon,  6 Nov 2017 11:46, whi...@posteo.net said:
>
>> Why not display exactly what GnuPG reports concerning a signature? Leave
>> it up to the user to make his own value judgments.
>
> That is what I was about to reply ;-).

What kind of value judgements do you expect the user to make?  Most
users don't have any clear understanding that mails are *not* signed in
the first place, and it's not clear that there's any actionable
information in the states in-between "valid signature" and "no
signature".  How should the end user behave differently if they learn
"this signature appears to have been made after the message was sent" or
"this signature was made by a key that has been revoked" or "this
signature was made by a key that you don't have a valid certification
for"?

Certainly, if a sophisticated user wants to investigate why a message is
not signed when they expect a signature on that particular message, it
makes sense to expose a debugging view that allows them to distinguish
between these cases.

But by default, showing any of the warnings that GnuPG has traditionally
produced is basically distracting and leads to "warning fatigue".

         --dkg

_______________________________________________
enigmail-users mailing list
enigmail-users@enigmail.net