1. It would be nice to have the logo at the top of the email, so that it's immediately visible on long emails and readers see immediately when they can't trust a message.
2. The mail I'm looking at (a Linux Mandrake Security Announcement from vdanen mandrakesoft com) claims:
"This message is digitally signed and has been found to be authentic"
and
"gpg: There is no indication that the signature belongs to the owner."
I know that I should take the identity of the signer with a pinch of salt and treat the mail as no better than unsigned, but a naive user would look at the first line of text alongside the intact seal and think that the signature must be genuine.
Could the message (1) be changed to something like
"This message is digitally signed, but the identity of the signer is uncertain.",
maybe with the seal logo cracked in two (to distinguish it from a smashed seal for an invalid signature)? Alternately, the seal could be just a dribble or blob of wax without the Ximian logo to indicate an incomplete seal.
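An added example, not part of the original message and not the mail client's own code: one way to separate "the signature verifies" from "the key is trusted to belong to the signer" is to read GnuPG's machine-readable status lines (`gpg --status-fd`) and map them to three display states. The state names, the wording of the "invalid" message and the sample status lines are assumptions constructed for illustration.

```python
# Added example: classify `gpg --status-fd` output into three UI states.
# State names and the "invalid" wording are assumptions; the first two
# messages are the ones quoted or proposed in the message above.
MESSAGES = {
    "authentic": "This message is digitally signed and has been found to be authentic",
    "uncertain": "This message is digitally signed, but the identity of the signer is uncertain.",
    "invalid": "This message's signature could not be verified.",  # hypothetical wording
}

FAILURE = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}
TRUSTED = {"TRUST_FULLY", "TRUST_ULTIMATE"}


def status_keywords(status_text):
    """Return the set of keywords from '[GNUPG:] KEYWORD args...' lines."""
    found = set()
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "[GNUPG:]":
            found.add(parts[1])
    return found


def classify(status_text):
    """Fail closed: anything short of a good signature is 'invalid', and
    anything short of full key trust is 'uncertain'. Assumes one signature."""
    kw = status_keywords(status_text)
    if kw & FAILURE or not {"GOODSIG", "VALIDSIG"} <= kw:
        return "invalid"
    if kw & TRUSTED:
        return "authentic"
    return "uncertain"  # TRUST_UNDEFINED, TRUST_MARGINAL, TRUST_NEVER, or none


# Constructed status output (key IDs and names are made up).
_SIG = (
    "[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.org>\n"
    "[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2003-01-01 1041379200\n"
)
SAMPLE_UNTRUSTED = _SIG + "[GNUPG:] TRUST_UNDEFINED\n"
SAMPLE_TRUSTED = _SIG + "[GNUPG:] TRUST_FULLY\n"
SAMPLE_BAD = "[GNUPG:] BADSIG 0123456789ABCDEF Example Signer <signer@example.org>\n"

if __name__ == "__main__":
    for name, sample in [("untrusted key", SAMPLE_UNTRUSTED),
                         ("trusted key", SAMPLE_TRUSTED),
                         ("bad signature", SAMPLE_BAD)]:
        print(f"{name}: {MESSAGES[classify(sample)]}")
```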