[Enigmail] Usability issues
Robert J. Hansen
rjh at sixdemonbag.org
Tue Dec 11 08:31:46 PST 2007
Please trim your quotes.

LeRoy Cressy wrote:
> To me a bad signature is a warning that the message could have been
> tampered with.

So is there being no signature whatsoever on a message. A bad signature
conveys precisely the same amount of information regarding tampering, or
lack thereof, as there being no signature whatsoever. This is an
argument in favor of changing the way we view bad signatures.

> Only the owner of a key pair should send a key to a key server.

While you're talking about the way things should be, taxes should be
lower, beer should be stronger, and I should have a pony.

The reality is that non-certowners can and do send certs to the cert server.

> you could set up a cron job with a line like
> gpg --send-key 0x12345678
> to make sure that only your version of your public key is on a key server.

This does not work.

> Also, you should not accept a signature for your key unless you have
> verified the signature like from a key signing party

How do you propose to 'not accept' signatures? OpenPGP doesn't give you
a choice.

> There are a number of us that use numerous xterms and use gpg interactively.

Yes, I'm one, myself. The point still stands: GnuPG is not a UI target.