Evolution signatures

Neil Williams linux@codehelp.co.uk
Wed Aug 6 19:31:02 2003

Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

On Wednesday 06 Aug 2003 11:17 am, Adrian von Bidder wrote:
> On Wednesday 06 August 2003 10:33, Ben Finney wrote:
> >   - If the From: header changes, you can check it against the UIDs for
> >     the signing key.  Signing the From: header doesn't gain anything.
> Hmm. Ok, so probably MUA implementors should warn if From: header does not
> match a uid, or should not display from: at all but just the uid(s) of the
> signing key.

Why? The email client already displays the details of the primary UID as pa=
of the good (or bad) verification, as long as the public key is available.=
You don't have to take any notice of From:

> >   - If the Subject: header changes, it should affect the context of the
> >     message at all.  If it does, your correspondents are misusing the
> >     Subject: header.  It's supposed to be a summary indication of the
> >     contents, not an integral part of them.
> There's a huge difference on how it should be and how it is.... There are
> many people using the Subject to convey essential information. (People
> often don't see why they should type (part of) their message twice - so
> they either leave the subject empty or don't repeat in the body what is
> already in the Subject.)
> Yes, it's bad. But I doubt any attempt to educate users will be successfu=

Not true. Why make this part of GnuPG when the 'problem' is clearly user=20
related? I don't have any experience of what you described as 'often' - bla=
subject lines are just plain rude (make scanning an inbox for important mai=
from new correspondents more difficult) and users who do this should simply=
be told to mend their ways.

If someone doesn't repeat the 'vital' information contained in the subject=
line within the signed message, disregard it and then ask them why.


Neil Williams


Content-Type: application/pgp-signature
Content-Description: signature

Version: GnuPG v1.2.1 (GNU/Linux)