[Enigmail] Expect signature header proposal
Eitan Adler
eitanadlerlist at gmail.com
Tue Oct 7 18:03:29 PDT 2008
John W. Moore III wrote:
>
> The onus for Bob's career woes would rest squarely on Alice's shoulders.
> Only the presence of a verified Signature from Bob carries any
> significant meaning. The absence of the customary Signature should
> alert Alice to double check the veracity of the missive _prior_ to
> taking action based solely upon said Message.
First off, how would she know that the "customary" signature is missing?
Secondly, it is well established among most psychologists that people do
not notice the absence of some specific object or sign even if that
object is there on a regular basis.
Even without the header idea, which I now agree was a bad initial
choice, the UI to enable a warning on the non-existence of a signature
based on sender should still exist.
To quote John Moore: "Due diligence" at the zero-errors level is
something that very few, if any, human beings are *capable* of
maintaining all day, every day.
What you are proposing is a system similar to people noticing when the
little padlock in their browser is missing. This system has been
scrapped (somewhat) for a more obvious alternative of alerting the end
user when problems exist with the certificate in a clear and effective
manner. This system IMHO works a lot better than the one where we
expect users to go against their nature.
> I fail to see the
> practicality of even attempting to 'idiot proof' the absence of a
> Signature.
I do not propose 'idiot proof', only 'better than we have it now'.
> If Alice [or any Recipient] is so security careless as to
> not observe the lack of a verified Signature then there is no protocol
> that will correct Her foolishness. :-\ <SIGH>
>
> JOHN ;)