On Wed, 2001-10-24 at 07:36, Dan Winship wrote:
On Wed, 2001-10-24 at 09:55, Mike Leckey, Jr. wrote:I received a signed message that I did not have the key for. The small padlock was in a locked state, implying a good signature.The question-mark in the icon is supposed to imply "unknown".If the message cannot be proven authentic, how about making the first smaller lock broken as well as the second larger one w/details?It doesn't try to verify it until you click. The issue is that the previous completely-static PGP verification UI was trivially spoofable by just sending someone an HTML message containing the right graphics.
Good point, and a good solution, I think. Also means less clutter at the bottom of every signed message, and slightly shorter message-load times. I like it! ...just takes some mental readjustment. --Eric
Attachment:
pgphUx96mPgXA.pgp
Description: PGP signature