Re: [Evolution] Ximian Seal of Approval

[Jeffrey Stedfast <fejj ximian com>]

While I agree that it would be nice, it's just not possible to do
because PGP doesn't tell us much in it's return code (it tells us "yes,
it's valid" or "no, it's not valid"). The text you see below the first
line is all from PGP's stderr and we can't parse that because we don't
even know what language it's in, and even if we did it'd still be nearly
impossible to parse.

Jeff

On Thu, 2001-09-27 at 16:16, Terry Browning wrote:
> I've been looking at the neat Seal of Approval logo for good sigs and I
> like it :)
> Just two points:
>
>     1 It would be nice to have the logo at the top of the email, so that
>     it's immediately visible on long emails and readers see immediately
>     when they can't trust a message
>     
>     2 The mail I'm looking at (a Linux Mandrake Security Announcement
>     from vdanen mandrakesoft com) claims:
>     "This message is digitally signed and has been found to be
>     authentic"
>     and
>     "gpg: There is no indication that the signature belongs to the
>     owner."
>     I know that I should take the identity of the signer with a pinch of
>     salt and treat the mail as no better than unsigned, but a naive user
>     would look at the first line of text alongside the intact seal and
>     think that the signature must be genuine.
>     Could the message (1) be changed to something like
>     "This message is digitally signed, but the identity of the signer is
>     uncertain.",
>     maybe with the seal logo cracked in two (to distinguish it from a
>     smashed seal for an invalid signature)? Alternately, the seal could
>     be just a dribble or blob of wax without the Ximian logo to indicate
>     an incomplete seal.
>
> --
> Terry