Re: [Enigmail] No more "Untrusted Good Signature"s
> 1. i might not want to download the key: the message may be in the
> "macht nichts" category

So you disable the auto-download in the configuration menu.

> 2. there are 3 options available to the user:

And they can all be taken care of once the user expresses enough interest in the signature to find out what the problem is.

> 2b try to get the key from the keyserver( which keyserver, btw )

Whichever one they've configured Enigmail to use. We've had a keyserver setting for years.

> it is critical not to cripple this thing by trying to make things too
> automatic. we'll end up like SSL/TLS

By which you mean, what -- we'll become a largely-invisible and largely-effective part of the information security ecosystem that's responsible for securing billions of dollars a day, and on balance does it surprisingly well?

Man, I *hope* we wind up like TLS. :)

> i like the idea of a pen with a ? mark over it for those messages which
> are signed but for which we do not have a local copy of the sender's
> public key

I don't. It's unnecessary. The red X says everything that needs to be said: "There's a problem. Click here for more details." You've already got trinary icons (full color, grayed-out, and Xed). I draw the line there.

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] No more "Untrusted Good Signature"s
i disagree with this:

1. i might not want to download the key: the message may be in the "macht nichts" category
2. there are 3 options available to the user:
   2a do nothing
   2b try to get the key from the keyserver ( which keyserver, btw )
   2c ask the sender to send his|her key

it is critical not to cripple this thing by trying to make things too automatic. we'll end up like SSL/TLS

i like the idea of a pen with a ? mark over it for those messages which are signed but for which we do not have a local copy of the sender's public key

On 09/22/2015 01:18 PM, Robert J. Hansen wrote:
>> ("Expired *or revoked*"?)
>
> My list wasn't meant to be comprehensive. The red-X would mean "there is a critical and unrecoverable problem, click for more details."
>
>>> the element you are missing is:
>>>
>>> * message is signed
>>> * no local copy of sender's Public Key
>>> * what action do you want to take ?
>>
>> As much as I'm inclined to agree with limiting the number of states, it's hard to argue this point. What about a pen with '?' over it?
>
> When processing a message for which there's no corresponding certificate, Enigmail should try and fetch the certificate automagically. If successful, great. 90% or more of the time it'll succeed, and thus 90% of this problem goes away.
>
> If the message is signed, there's no local copy of the sender's public key, and it can't be found on the keyservers -- then that's a critical and unrecoverable problem, and gets the big red X.

--
/Mike
Re: [Enigmail] No more "Untrusted Good Signature"s
Patrick wrote:

> The state should depend on whether the key was valid at the time
> of signature creation.

True, but if we change to that, we rely on a (non-signed) header to deduct the date.

Olav
Re: [Enigmail] No more "Untrusted Good Signature"s
> Hmm... I feel like this has come up before, and there have been noises
> made by people that don't want keys to be fetched automatically.

Sure. But that's no reason to omit the feature or not make it the default. It's a reason to make it a configurable option.

> Similarly, some people may not upload their keys to public servers.

Sure. And if we don't have a local copy and can't get a certificate from the public keyserver, the solution isn't to ask the user what they wish to do next. It's to tell them there's a problem with the signature: give it a red X. If the user cares, they'll click on the X and discover the problem, and *then* we can lead them through a key import wizard.

The fewer states we have, the happier our users will be.
Re: [Enigmail] No more "Untrusted Good Signature"s
On 9/22/15 11:30 AM, Patrick Brunschwig wrote:
> The state doesn't depend on whether the key is expired or revoked _today_. What matters is whether the key was valid at the time of signature creation.

... unless the key was revoked because it was compromised.

--
I am conducting an experiment in the efficacy of PGP/MIME signatures. This message should be signed. If it is not, or the signature does not validate, please let me know how you received this message (direct, or to a list) and the mail software you use. Thanks!
Re: [Enigmail] No more "Untrusted Good Signature"s
- Original Message -
From: Matthew Woehlke
Sent: 22.09.2015 - 16:43
To: enigmail-users@enigmail.net
Subject: Re: [Enigmail] No more "Untrusted Good Signature"s

> On 2015-09-21 17:28, Mike Acker wrote:
>> On 2015-09-21 16:57, Robert J. Hansen wrote:
>>> Privacy: a lock. If the message was encrypted, the lock icon is in
>>> color; if it wasn't, the icon is grayed-out; if it was encrypted to an
>>> expired certificate, the lock icon is in color but has a red X over it.
>
> ("Expired *or revoked*"?)

I think that expired and revoked are mostly irrelevant, and actually ill displayed in Enigmail today. The state doesn't depend on whether the key is expired or revoked _today_. What matters is whether the key was valid at the time of signature creation.

-Patrick
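The state rules argued over in this thread (three icon states, key validity judged at signature time, and the exception for a key revoked as compromised), written out as an added example. It is not Enigmail's code, and all function and field names are hypothetical.

```javascript
// Added example; every name here is hypothetical, not Enigmail's API.
// Times are Unix seconds. Reason code 2 is "key material has been
// compromised" in OpenPGP revocation signatures (RFC 4880, 5.2.3.23).
const REASON_KEY_COMPROMISED = 2;

// sig: null when the message is unsigned, else { cryptoOk, createdAt }.
// key: null when no certificate is held locally or could be fetched from
//      the configured keyserver, else { expiresAt, revokedAt, revocationReason }
//      with null for "not set".
function signatureIcon(sig, key) {
  if (sig === null) return { icon: "gray", detail: "message is not signed" };
  if (key === null) return { icon: "red-x", detail: "no public key available" };
  if (!sig.cryptoOk) return { icon: "red-x", detail: "signature does not verify" };

  if (key.revokedAt !== null) {
    // createdAt is asserted by whoever made the signature, so a party holding
    // a compromised key can backdate it: the time-of-signing rule is not applied.
    if (key.revocationReason === REASON_KEY_COMPROMISED)
      return { icon: "red-x", detail: "key revoked as compromised" };
    if (sig.createdAt >= key.revokedAt)
      return { icon: "red-x", detail: "signed after the key was revoked" };
  }
  if (key.expiresAt !== null && sig.createdAt >= key.expiresAt)
    return { icon: "red-x", detail: "signed after the key expired" };
  return { icon: "color", detail: "good signature" };
}

// Constructed sample cases: one signature time, several key histories.
function demo() {
  const sig = { cryptoOk: true, createdAt: 1442937600 };
  const key = (o) => ({ expiresAt: null, revokedAt: null, revocationReason: null, ...o });
  const later = sig.createdAt + 86400; // key event one day after signing
  return {
    unsigned: signatureIcon(null, null).icon,
    noKey: signatureIcon(sig, null).icon,
    expiredSince: signatureIcon(sig, key({ expiresAt: later })).icon,
    retiredSince: signatureIcon(sig, key({ revokedAt: later, revocationReason: 3 })).icon,
    compromised: signatureIcon(sig, key({ revokedAt: later, revocationReason: 2 })).icon,
  };
}

console.log(demo());
```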
Re: [Enigmail] No more "Untrusted Good Signature"s
On 2015-09-22 13:18, Robert J. Hansen wrote:
> When processing a message for which there's no corresponding
> certificate, Enigmail should try and fetch the certificate
> automagically. If successful, great. 90% or more of the time it'll
> succeed, and thus 90% of this problem goes away.
>
> If the message is signed, there's no local copy of the sender's public
> key, and it can't be found on the keyservers -- then that's a critical
> and unrecoverable problem, and gets the big red X.

Hmm... I feel like this has come up before, and there have been noises made by people that don't want keys to be fetched automatically. Similarly, some people may not upload their keys to public servers.

That said, maybe it's okay using the same icon for an invalid signature as for a signature that can't be verified.

--
Matthew
Re: [Enigmail] No more "Untrusted Good Signature"s
> ("Expired *or revoked*"?)

My list wasn't meant to be comprehensive. The red-X would mean "there is a critical and unrecoverable problem, click for more details."

>> the element you are missing is:
>>
>> * message is signed
>> * no local copy of sender's Public Key
>> * what action do you want to take ?
>
> As much as I'm inclined to agree with limiting the number of states,
> it's hard to argue this point. What about a pen with '?' over it?

When processing a message for which there's no corresponding certificate, Enigmail should try and fetch the certificate automagically. If successful, great. 90% or more of the time it'll succeed, and thus 90% of this problem goes away.

If the message is signed, there's no local copy of the sender's public key, and it can't be found on the keyservers -- then that's a critical and unrecoverable problem, and gets the big red X.
Re: [Enigmail] No more "Untrusted Good Signature"s
On 2015-09-21 17:28, Mike Acker wrote:
> On 2015-09-21 16:57, Robert J. Hansen wrote:
>> Privacy: a lock. If the message was encrypted, the lock icon is in
>> color; if it wasn't, the icon is grayed-out; if it was encrypted to an
>> expired certificate, the lock icon is in color but has a red X over it.

("Expired *or revoked*"?)

> the element you are missing is:
>
> * message is signed
> * no local copy of sender's Public Key
> * what action do you want to take ?

As much as I'm inclined to agree with limiting the number of states, it's hard to argue this point. What about a pen with '?' over it?

--
Matthew
Re: [Enigmail] No more "Untrusted Good Signature"s
First, Lyle, please accept our apologies for the rudeness you received. That's not how we want to treat people here.

Second, if you click this link you'll arrive at the webpage that controls your subscription to Enigmail-users. Look at the bottom: To the left of the "Unsubscribe or edit options" box, enter your email address. Then click "Unsubscribe or edit options," and you're off to the races.

I hope this helps, and I hope you have a nice day. :)