> Don't all decent e-mail clients automagically check if a signature is
> legit and matches the known public key?
Probably not "all", but a lot, yes. The problem is that you can't force a user to pay attention to a warning. Some years ago a friend of mine, Peter Likarish, invented a browser plugin that would detect phishing sites. When you hit a suspected phishing site it would display a big red banner across the top of the screen. In controlled usability trials (he was a university researcher), not a single person noticed the big red banner across the top of the screen. In exit interviews, those who did notice it said they assumed it was a banner ad and just ignored it. Users have become so accustomed to advertisements trying to attract their attention that it has actually become difficult for apps to warn people of real dangers. This is a real concern in the usability field. It's a hard problem.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users