[Enigmail] Expect signature header proposal

Tue Oct 7 18:48:02 PDT 2008

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Eitan Adler wrote:
> The fundamental difference between my scenario and yours is that the
> state of "always signing" is not with the sender but with recipient. The
> recipient always gets signed messages regardless of whether not the
> sender always signs all messages.
> 
> The sender is still free to send unsigned messages, and unsigned
> messages can still be traced back to the sender in scenario you presented.

What the hell.  I'll take one last pass at it.  Next one I start
charging consulting fees for, though.

"'Always signing' is not with the sender but with recipient."

I don't know how to respond to this.  In the realm of coherent,
well-founded statements, this ranks up there with "the business of the
book sleeps eternally" and "colorless green ideas sleep furiously".  In
terms of mathematical formalism, you have committed what is called
"category error."

Dan Simmons has explained it as "... the term for having stated or
defined a problem so poorly that it becomes impossible to solve that
problem, through dialectic or any other means."  Or, formally speaking,
it is the error of ascribing properties to a thing which cannot possibly
have those properties.

Imagine that after Pearl Harbor, FDR were to have told the American
people "our ships were destroyed by Japanese planes based on Japanese
carriers who flew to Hawaii and dropped bombs on us.  Therefore, today
the United States is at war with naval aviation, since naval aviation is
the one culpable for this disaster."

You'd think there was a slight misunderstanding on FDR's part about what
had happened and who/what was ultimately responsible, right?

The statement "'Always signing' is not with the sender but with
recipient" is pretty much like that.

	http://en.wikipedia.org/wiki/Category_error

The sender gets to decide whether messages are signed.

The recipient gets to decide whether a signature is necessary for the
message to be trusted.

If you want to say "users should have the option of saying, 'I want all
messages to be signed, and if they aren't, Enigmail should warn me"... fine.

Enigmail already does this -- and you know this -- and John Moore has
explicitly pointed it out to you.  If the message has a correct
signature from a validated key, it puts a neat little green bar at the
top of the screen.  No green bar?  Well, then consider yourself warned.

Changing this to a red bar will not change a blessed thing.  If you
teach yourself to tune out looking for that green bar, should we really
believe you're going to suddenly notice a red bar?  If we put up a
screen that says "This message wasn't signed.  Do you really want to
read it?", we're just going to train people to click "Yes" and ignore
the warning altogether.  (Which is, incidentally, already what people
are doing with the new Firefox warning screen.)

Category error: defining a problem so poorly it becomes impossible to
solve that problem.

You've defined your problem as "Enigmail doesn't give effective warnings
in the absence of a signature."  As long as you define the problem that
way, you will never address your underlying issue.