[Enigmail] On signatures
Robert J. Hansen
rjh at sixdemonbag.org
Fri Dec 14 12:14:26 PST 2007
Jan Steffen wrote:
> The sender has an openpgp-key or certificate.
s/sender/someone/
There is no guarantee that the person who sent the message was the
person who put the signature on the message.
> The sender bothered to sign his message, so he really wants me to check
> the authenticity of the message.
See above.
> If there is no sig at all, I can conclude that the sender doesn't have a
> key/certificate or that he does not bother to use it.
Neither conclusion is supported by the evidence. E.g., the sender could
have sent a MIME message which had the signature attachment stripped by
an intervening MUA. The only inference supported by logic is that the
message lacks a signature.