RE: [Evolution] Preliminary list of feature requests [Long]



Quoting jwz from Nathan Thompson-Amato's message:
Basically, it's a hard problem and probably not worth worrying about too
much: if it's a message that is important enough that someone would go
to the trouble of spoofing the signature, then it's probably a message
where the recipient actually cares about the signature, and will click
on the link to see details about that signature instead of just trusting
the single bit of information ("yes/no") that the UI displays.

Outlook 2000's preview pane handles this nicely. If a message fails
verification, nothing shows in the preview pane but "This message has an
invalid digital signature. Open the message for more information." along
with a ribbon (certificate) with a red exclamation point by it. At this
point you have to take a specific action to actually even *see* the contents
of the forged message.

Somebody could forge this failure screen in HTML, I suppose, and send it
making the recipient think that a message failed a signature check even
though it didn't, but that's not a security risk.

Ray Lee
rblee impulse net  ~  ray madrabbit org




