Wed Aug 6 19:31:02 2003
On Wednesday 06 Aug 2003 11:17 am, Adrian von Bidder wrote:
> On Wednesday 06 August 2003 10:33, Ben Finney wrote:
> > - If the From: header changes, you can check it against the UIDs for
> > the signing key. Signing the From: header doesn't gain anything.
> Hmm. Ok, so probably MUA implementors should warn if From: header does not
> match a uid, or should not display from: at all but just the uid(s) of the
> signing key.
Why? The email client already displays the details of the primary UID as part
of the good (or bad) verification, as long as the public key is available.
You don't have to take any notice of From:
> > - If the Subject: header changes, it should affect the context of the
> > message at all. If it does, your correspondents are misusing the
> > Subject: header. It's supposed to be a summary indication of the
> > contents, not an integral part of them.
> There's a huge difference on how it should be and how it is.... There are
> many people using the Subject to convey essential information. (People
> often don't see why they should type (part of) their message twice - so
> they either leave the subject empty or don't repeat in the body what is
> already in the Subject.)
> Yes, it's bad. But I doubt any attempt to educate users will be successful.
Not true. Why make this part of GnuPG when the 'problem' is clearly user
related? I don't have any experience of what you described as 'often' - blank
subject lines are just plain rude (make scanning an inbox for important mail
from new correspondents more difficult) and users who do this should simply
be told to mend their ways.
If someone doesn't repeat the 'vital' information contained in the subject
line within the signed message, disregard it and then ask them why.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
-----END PGP SIGNATURE-----
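
The From:-versus-UID check raised in the quoted text above, as an added example that is not part of the thread and is not GnuPG or any mail client's code. It assumes the signature has already verified as good and that the signing key's listing is available in the colon-delimited form printed by `gpg --with-colons --list-keys`; the function names, the sample key listing and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Address inside the trailing <...> of a user ID such as "Name (comment) <a@b>".
ADDR_IN_UID = re.compile(r"<([^<>\s@]+@[^<>\s@]+)>\s*$")

# Constructed sample listing: field 2 is validity, field 10 is the user ID.
SAMPLE_KEY = """\
pub:u:1024:17:0123456789ABCDEF:2003-01-01:::u:Alice Example <alice@example.org>::scESC:
uid:u::::::::Alice Example (work) <Alice@Corp.example>:
uid:r::::::::Alice Old <old@example.net>:
sub:u:1024:16:FEDCBA9876543210:2003-01-01::::::e:
"""

# Constructed sample messages (headers only matter here; From: is unsigned).
MSG_MATCH = "From: Alice <ALICE@corp.example>\nSubject: hi\n\nsigned body\n"
MSG_OTHER = "From: Alice <old@example.net>\nSubject: hi\n\nsigned body\n"

def uid_addresses(colon_listing):
    """Addresses from usable user IDs; revoked ('r') and expired ('e') are skipped."""
    addrs = set()
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "uid") or len(f) < 10 or f[1] in ("r", "e"):
            continue
        m = ADDR_IN_UID.search(f[9])
        if m:
            # Assumption: compare case-insensitively, as most mail systems do.
            addrs.add(m.group(1).lower())
    return addrs

def from_header_warning(raw_message, colon_listing):
    """Return None if every From: address is a key UID address, else a warning."""
    msg = message_from_string(raw_message)
    senders = {a.lower() for _, a in getaddresses(msg.get_all("From", [])) if a}
    uids = uid_addresses(colon_listing)
    if not senders:
        return "message has no usable From: address"
    unmatched = senders - uids
    if unmatched:
        return "From: %s not among signing key UIDs %s" % (
            sorted(unmatched), sorted(uids))
    return None

if __name__ == "__main__":
    for raw in (MSG_MATCH, MSG_OTHER):
        print(from_header_warning(raw, SAMPLE_KEY) or "From: matches a key UID")
```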