[Enigmail] ownertrust vs. calculated validity [was: Re: Setting trust levels for unknown keys]

John W. Moore III jmoore3rd at bellsouth.net
Wed Apr 29 15:49:33 PDT 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Daniel Kahn Gillmor wrote:

> Enigmail currently says "Good Signature from Joe Smith <joe at example.org>
> with key ID 0x12ABCD34" in green, when there is full calculated
> validity.  This is good.  But when there is not full calculated
> validity, it simply prefixes the message with "UNTRUSTED".  Instead, it
> should say something like "OK Signature by Key 0x12ABCD34, which may or
> may not belong to Joe Smith <joe at example.org>".  Maybe it should also
> use some other color in this case.

1st: Enigmail _does_ use another color; Blue.

2nd: The terminology of Good/Bad, Trusted/Untrusted as they apply to
Sigs has been debated ad infinitum but the bottom line is that it
doesn't really matter what word is used; due to the disparities in
knowledge levels regarding what information is actually being conveyed
whatever word is chosen to be used there will be confusion.  The words
Trust & Valid are so subjective as to be as difficult to universally
define as herding cats.  :-\

Everyone's Trust Model is different and unique.  Individual Users must
determine how the information conveyed by GnuPG 'fits' their criteria
and the most beneficial interpretation.

- From My perspective I would like to see Enigmail able to easily assign
Trust Signatures wherein the Depth of Trust can be strictly specified.
Due to the paucity of Frontends for GPG available for Linux I feel this
would make Enigmail a more useful and valuable instrument for casual
Users and the more Experienced User.  Even PGP incorporates the ability
to make Trusted Introducer [Black Pencil] Signatures in their GUI.  Most
PGP Users are unaware how to access it and even less understand what the
difference is between a Trust Signature and a 'Regular' exportable or
local signature.  :(

JOHN ;)
Timestamp: Wednesday 29 Apr 2009, 18:45  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4987: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJJ+Nl6AAoJEBCGy9eAtCsPM7YH/j4CBTSZwsxFDTOibQHhLglO
WTDXKhROQPB/JYgAUl1VXPp6lLR9CvuXIJFWxPnmA9GKjju2qeGltC+f+Pk4DdT1
mF0xFdsHDjvOWoBBNIHXs7HFjD0FztBnmyXuk0em0BMYvTlQHHFo1HEReLNSxN5a
tSb4uRv7Oto++UUP1QkRUDufJbARaa+8BUqe1MUZerADxtwArVXGXuZTxdvZThE4
ZHZhaWrUfMBpTpya8/COEXqae9TLa8Li3kRKmobbyDBy3FBHv+F1x4hBgqulXtN5
eEGCDAAsr6aPJYgxWP9jd8s79dqjGzzLYJHFVTiAgfCW/z7622S7SpWtgvD6+9U=
=GITT
-----END PGP SIGNATURE-----

More information about the Enigmail mailing list