On Wed, 2001-10-24 at 07:36, Dan Winship wrote:
> On Wed, 2001-10-24 at 09:55, Mike Leckey, Jr. wrote:
> > I received a signed message that I did not have the key for. The small padlock was in a locked state, implying a good signature.
>
> The question-mark in the icon is supposed to imply "unknown".
>
> > If the message cannot be proven authentic, how about making the first smaller lock broken as well as the second larger one w/details?
>
> It doesn't try to verify it until you click. The issue is that the previous completely-static PGP verification UI was trivially spoofable by just sending someone an HTML message containing the right graphics.
>
> In the new system, you don't get any information about whether the sig is good or not until you click on the lock, which is something that can't be emulated with the parts of HTML that GtkHTML supports.

Well, I would rather have to click an icon than worry about spoofing. How about changing the text from "click for more information" to "click for validity" or something similar?

--
Mike Leckey, Jr.
rml phxlab honeywell com
602.231.1685
Honeywell Engines & Systems
Phoenix, AZ