> Don't all decent e-mail clients automagically check if a signature is
> legit and matches the known public key?

Probably not "all", but a lot, yes.

The problem is that you can't force a user to pay attention to a
warning.  Some years ago a friend of mine, Peter Likarish, invented a
browser plugin that would detect phishing sites.  When you hit a
suspected phishing site it would display a big red banner across the top
of the screen.  In controlled usability trials (he was a university
researcher), not a single person noticed the big red banner across the
top of the screen.  In exit interviews those who did notice it said they
assumed it was a banner ad and they just ignored it.

Users have become so accustomed to advertisements trying to attract
their attention that it's actually become difficult for apps to warn
people of real dangers.  This is a real concern in the usability field.
It's a hard problem.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
