On Thu, 12 Dec 2002 09:37:13 +0100 Xavier Nodet <[EMAIL PROTECTED]> wrote:

> I believe we should have a much better way to show those signature
> verifications. One thing in particular, is that it should be very clear
> which parts of the message were actually signed.

Another thing is that the status of a PGP signature is not easily
described using only an enum: a signature is:
  - good or bad
  - expired or not
  - has one of 4 levels of trust

Additionally, some useful information could be added. An interesting
thing I would like to see is:
  
  Good PGP signature from "Xavier Nodet <[EMAIL PROTECTED]>"

The displayed ID would be either the one that has the same mail address
as the 'From:' header, or the primary ID of the key if there is no
corresponding mail address.

I feel it is important to display this information, as users will tend
to 'trust' the fact that the message is signed, without realizing that
the headers of the mail themselves are not signed. This is for the same
reason that when we offer to sign a message, 'From:' and 'To:' headers
should be copied into the body so that they are also signed. 

So I propose that the object returned by the crypto functions has such
an API (which should do for both verifying signatures and decrypting):

        class CryptoStatus {
        public:

          enum TrustLevel {
            UNKNOWN,
            NOT_TRUSTED,
            MARGINALLY,
            FULLY,
            ULTIMATELY
          };

          /// Results from decryption or signature
          bool          IsGood()        const;
          bool          IsKeyExpired()  const;
          TrustLevel    GetTrustLevel() const;
          unsigned long GetKeyId()      const;
          String        GetUserId()     const;

          /// CANNOT_EXEC_PROGRAM, OPERATION_CANCELED_BY_USER, etc...
          GPGStatus     GetErrorLevel() const;

        };

Any comments?

-- 
Xavier Nodet
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." - Benjamin Franklin, 1759.
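
The display rule proposed in the message above, as an added sketch (not part of the original message and not Mahogany's code). SigResult, AddrOf, PickUserId and Describe are hypothetical names, the address parsing is deliberately simplified, and the "does not match From:" marker is an assumption that goes one step beyond the proposal.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

enum class TrustLevel { UNKNOWN, NOT_TRUSTED, MARGINALLY, FULLY, ULTIMATELY };

// Hypothetical verification result; userIds[0] is the key's primary ID.
struct SigResult {
  bool good;
  bool keyExpired;
  TrustLevel trust;
  std::vector<std::string> userIds;
};

// Lower-cased address from "Name <addr>" or a bare address (simplified).
static std::string AddrOf(const std::string& id) {
  auto lt = id.rfind('<'), gt = id.rfind('>');
  bool angled = lt != std::string::npos && gt != std::string::npos && lt < gt;
  std::string a = angled ? id.substr(lt + 1, gt - lt - 1) : id;
  std::transform(a.begin(), a.end(), a.begin(),
                 [](unsigned char c) { return std::tolower(c); });
  return a;
}

// The user ID whose address equals the From: address, else the primary ID.
std::string PickUserId(const SigResult& r, const std::string& from, bool& matched) {
  matched = false;
  for (const auto& id : r.userIds)
    if (AddrOf(id) == AddrOf(from)) { matched = true; return id; }
  return r.userIds.empty() ? std::string() : r.userIds.front();
}

// One status line carrying validity, expiry and trust together.
std::string Describe(const SigResult& r, const std::string& from) {
  static const char* kTrust[] = {"unknown", "not trusted", "marginal",
                                 "full", "ultimate"};
  bool matched;
  std::string out = r.good ? "Good" : "BAD";
  out += " PGP signature from \"" + PickUserId(r, from, matched) + "\"";
  if (r.keyExpired) out += " [key expired]";
  out += " [trust: " + std::string(kTrust[static_cast<int>(r.trust)]) + "]";
  if (!matched) out += " [signer does not match From:]";  // headers are unsigned
  return out;
}

int main() {  // constructed sample: From: names an address the key does not carry
  SigResult r{true, false, TrustLevel::FULLY, {"Alice Example <alice@example.org>"}};
  std::cout << Describe(r, "Mallory <mallory@example.net>") << "\n";
}
```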

_______________________________________________
Mahogany-Developers mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/mahogany-developers