Re: [Evolution] Misleading PGP/GPG signature message

From: Sandip Bhattacharya <sandip lug-delhi org>
To: Evolution Users Mailing List <evolution lists ximian com>
Subject: Re: [Evolution] Misleading PGP/GPG signature message
Date: Thu, 27 Jan 2005 08:50:28 +0530

On Thu, 2005-01-27 at 10:30 +0800, Not Zed wrote:


I dont think its important.  There are really only 2 states.
Good/trusted, or not.  You can click on the icon for more details, but
the only important info for normal use is whether it is trusted or
not.


I feel the two states are: 
 1. Have key in keyring: This has three sub states:
   a. Good & the key is trusted
   b. Good but the key is *not* trusted (e.g. security updates where you
might not have a chain of trust to the signer)
   c. Bad 
 2. Unverifiable

Evo currently mentions 1a and 1b, but mixes up 1c and 2. It takes user
intervention (by clicking on the tab) to find out which one is which.

It is important to distinguish between 1c and 2, because you often get
signed messages from people whom you might have missed adding to your
keyring. And you would like to be sure that you know either their
message has been modified in transit or that you need to import their
keys. e.g. when somebody changes their keys.

- Sandip

--
Sandip Bhattacharya    *    Puroga Technologies   *     sandip puroga com
Work: http://www.puroga.com   *    Home/Blog: http://www.sandipb.net/blog

PGP/GPG Signature: 51A4 6C57 4BC6 8C82 6A65 AE78 B1A1 2280 A129 0FF3

Follow-Ups:
- Re: [Evolution] Misleading PGP/GPG signature message
  - From: Not Zed
- Re: [Evolution] Misleading PGP/GPG signature message
  - From: Russell Fulton

References:
- [Evolution] Misleading PGP/GPG signature message
  - From: Sandip Bhattacharya
- Re: [Evolution] Misleading PGP/GPG signature message
  - From: Not Zed

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]