Re: [Evolution] New lock icon implies authentic sig

From: Dan Winship <danw ximian com>
To: "Mike Leckey, Jr." <rml phxlab honeywell com>
Cc: Evolution <evolution ximian com>
Subject: Re: [Evolution] New lock icon implies authentic sig
Date: 24 Oct 2001 10:36:04 -0400

On Wed, 2001-10-24 at 09:55, Mike Leckey, Jr. wrote:

I received a signed message that I did not have the key for.  The small
padlock was in a locked state, implying a good signature.


The question-mark in the icon is supposed to imply "unknown".

If the message cannot be proven authentic, how about making the first
smaller lock broken as well as the second larger one w/details?


It doesn't try to verify it until you click.

The issue is that the previous completely-static PGP verification UI was
trivially spoofable by just sending someone an HTML message containing
the right graphics.

In the new system, you don't get any information about whether the sig
is good or not until you click on the lock, which is something that
can't be emulated with the parts of HTML that GtkHTML supports.

-- Dan

Follow-Ups:
- Re: [Evolution] New lock icon implies authentic sig
  - From: Rick Ziegler
- Re: [Evolution] New lock icon implies authentic sig
  - From: Eric Lambart
- Re: [Evolution] New lock icon implies authentic sig
  - From: Mike Leckey, Jr.
- Re: [Evolution] New lock icon implies authentic sig
  - From: Miles Lane

References:
- [Evolution] New lock icon implies authentic sig
  - From: Mike Leckey, Jr.

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]