[Enigmail] Usability issues
Cristian KLEIN
cristiklein at gmail.com
Tue Dec 11 10:08:43 PST 2007
> 0. KEYS AREN'T.
> make this terminological shift. For the rest of this, I'm going to use
> 'certificate' to refer to key collections that are associated with one
> person.
Certificate strongly suggests authority-based trust. I really feel this
will lead to confusion, although you are right that OpenPGP keys are
more-or-less certificates.
> 1. BAD SIGNATURES AREN'T.
> whether the message was changed /semantically/. Compare these two messages:
>
> a. Now is the time for all good men to come to the aid of the party.
> b. Now  is the time for all good men to come to the aid of the party.
>
> I don't know anyone who would argue that message A possesses a different
> meaning than message B. Yet, message B would have the signature fail
> (due to the addition of a space after "Now"), while message A would have
> a good signature.
I don't like this either. MD5 verification failure of a downloaded CD
could mean that the CD was only altered syntactically. For example,
there might be an empty file in the root folder which did not exist in
the original CD. Semantically, the CD is the same. However, should you
see a CD which fails MD5 verification, wouldn't you download it again?
How about a CD which has no MD5 hash?
My point is, there is a clear distinction between a BAD signature and
a missing signature.
A missing signature means (at least to me) that the sender does not
care enough to make me trust the message, or that we have already
spoken about that subject on the phone (i.e. there is another trust
channel), just letting me know his part is done.
On the other hand, a BAD signature suggests that the sender does care
about the integrity of the message, and his wish was not fulfilled.
Even if the message has a single space added at the end, you have to
ask yourself:
* Do I trust everything else in this message?
* Why was the message altered? Malfunction, human intervention?
* Who altered the message?
* Does this happen to unsigned messages too?
I think that a BAD signature is a serious issue and it should not be
treated as a harmless unsigned message.
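
The distinction argued for above, as an added example that is not part of the original post: a verifier that reports three outcomes (good, bad, unsigned) instead of collapsing a failed check into "no signature". HMAC-SHA256 stands in for an OpenPGP signature, and the key, message ids and function names are constructed for illustration.

```python
import hashlib
import hmac
from enum import Enum
from typing import Optional

class SigStatus(Enum):
    GOOD = "good"          # signature present and verifies
    BAD = "bad"            # signature present but does not verify
    UNSIGNED = "unsigned"  # no signature at all

# Constructed demo key; HMAC-SHA256 is an assumed stand-in for OpenPGP signing.
KEY = b"constructed-demo-key"

def sign(body: str) -> str:
    return hmac.new(KEY, body.encode("utf-8"), hashlib.sha256).hexdigest()

def check(body: str, tag: Optional[str]) -> SigStatus:
    """Three outcomes, never two: a failed check is not 'no signature'."""
    if tag is None:
        return SigStatus.UNSIGNED
    if hmac.compare_digest(sign(body), tag):
        return SigStatus.GOOD
    return SigStatus.BAD

def triage(mailbox):
    """Return ids of messages whose signature was present but failed."""
    return [mid for mid, body, tag in mailbox
            if check(body, tag) is SigStatus.BAD]

# Messages a and b from the quoted text: b gains one space after "Now".
ORIGINAL = "Now is the time for all good men to come to the aid of the party."
ALTERED = ORIGINAL.replace("Now is", "Now  is", 1)
TAG = sign(ORIGINAL)

# Constructed mailbox: (id, body, signature or None)
MAILBOX = [
    ("a", ORIGINAL, TAG),   # untouched, signed
    ("b", ALTERED, TAG),    # one byte added in transit
    ("c", ORIGINAL, None),  # sender did not sign
]

if __name__ == "__main__":
    for mid, body, tag in MAILBOX:
        print(mid, check(body, tag).value)
    print("investigate:", triage(MAILBOX))
```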