[Enigmail] Usability issues
James Kosin
jkosin at beta.intcomgrp.com
Tue Dec 11 06:36:19 PST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Robert J. Hansen wrote:
<<SNIP>>
> 1. BAD SIGNATURES AREN'T.
>
> For a signature to have any meaning, it must be:
>
> * A good signature * From a validated certificate
>
> In no other case does a signature have any meaning. Let's say that
> I receive a bad signature from John Clizbe. I trust John and have
> given his certificate a nonexportable validation. That bad
> signature means the message was changed /syntactically/. It has
> nothing to say about whether the message was changed
> /semantically/. Compare these two messages:
>
> a. Now is the time for all good men to come to the aid of the
> party. b. Now is the time for all good men to come to the aid of
> the party.
>
<<SNIP>>
A BAD SIGNATURE only means the email was changed/modified in the two
sentences above the extra space modified the original text. Plain and
simple.
You could also rearrange the sentence entirely and still convey the
same thought; but, that would still mean the text was modified.
c. All good men, now is the time to come to the aid of the party.
Still conveys the same thought however I would still want this to fail
the verification process.
- -James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHXqBjkNLDmnu1kSkRAlv2AJ9vT0d42UI4WFzNckM5snLp8xYjmgCggMMO
ySCb9M5XlgqSV2j7Wm26SqU=
=Dn+B
-----END PGP SIGNATURE-----
--
Scanned by ClamAV - http://www.clamav.net
More information about the Enigmail
mailing list