Re: [Evolution] possibly stupid PGP/GPG display question

From: Paul Hosking <pahoskin cisco com>
To: Dan Winship <danw ximian com>
Cc: Mike Earl <mike earl rcn com>, evolution ximian com
Subject: Re: [Evolution] possibly stupid PGP/GPG display question
Date: 28 Feb 2001 12:06:25 -0800

Please keep in mind, I'm not a developer so I'm not sure how valid /
difficult this is... :)

On 28 Feb 2001 22:37:02 +0500, Dan Winship wrote:

As other people said, the plan is to have some sort of unforgeable
indicator there saying whether it's validly signed or not.

We're still not quite sure what it will be, so if people have ideas, let
me know. :-)



Currently, I'm thinking the best way to be sure the PGP signature isn't
a forged HTML representation is to view the source.  You can see the PGP
signature block.  How about right-clicking on the pgp icon (or maybe a
button in the task bar) that pops up a window containing the signature
block?

One problem I see with this right off is the tendancy to get complacent
and assume the initial graphic representation is valid w/out then
clicking on the icon to see the underlying signature.  

-- 

.: Paul Hosking . pahoskin cisco com
.: InfoSec

.: PGP KeyID: 0x42F93AE9
.: 7B86 4F79 E496 2775 7945  FA81 8D94 196D 42F9 3AE

References:
- [Evolution] possibly stupid PGP/GPG display question
  - From: Mike Earl
- Re: [Evolution] possibly stupid PGP/GPG display question
  - From: Dan Winship

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]