[Enigmail] Expect signature header proposal

John W. Moore III jmoore3rd at bellsouth.net
Tue Oct 7 20:31:40 PDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Eitan Adler wrote:

> To quote John Moore:  "Due diligence" at the zero-errors level is
> something that very few, if any, human beings are *capable* of
> maintaining all day, every day.

Wrong attribution; Phil S. said this.

> What you are proposing is a system similar to people noticing when the
> little padlock in their browser is missing.  This system has been
> scrapped (somewhat) for a more obvious alternative of alerting the end
> user when problems exist with the certificate in a clear and effective
> manner.  This system IMHO works a lot better than the one where we
> expect users to go against their nature.

No, I was following Your scenario wherein Bob _always_ Signs His
Messages.  Presumably Alice is aware of this if She has received any
prior messages from Bob so the absence of a Signature should be
noticeable.  Either the Signature Block is there or it isn't.  If using
Enigmail then the 'Enigmail/OpenPGP Bar' will be visible in Thunderbird
or SeaMonkey indicating a Signature is present and whether or not it was
verifiable.  No color coded Sig 'Bar' in Enigmail indicates that there
is no Signature on the Message.  Just because Alice failed to notice
that Bob didn't sign doesn't excuse Alice from acting on unconfirmed
information.  If Alice is capable of 'ruining careers' simply on the
basis of an unconfirmed Email then She obviously has too much Power
combined with too little education/training.

> I do not propose 'idiot proof', only 'better than we have it now'.

What 'We have now' is elegantly simple and depends only upon the
Recipient using their eyes for a visual examination of the presence of a
Signature.  In theory, Human Beings are more intelligent than a machine;
unless You have more faith in the Software than I.  Of course, insertion
of the Human Judgment Factor is always the weakest link in every
Security chain.  :(

JOHN ;)
Timestamp: Tuesday 07 Oct 2008, 23:31  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4845: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

-----END PGP SIGNATURE-----