Email Self-Defense

Patrick Brunschwig patrick at enigmail.net
Tue Feb 23 09:04:41 CET 2016


On 23.02.16 02:08, NIIBE Yutaka wrote:
> Hello,
> 
> While we translate the "Email Self-Defense" guide into Japanese, I
> have a thing (or will have more) to clarify.
> 
> In this section 5b, it says:
> 
>     https://emailselfdefense.fsf.org/en/#step-5b
> 
>     When using GnuPG, make a habit of glancing at that bar.  The
>     program will warn you there if you get an email encrypted with a key
>     that can't be trusted.
> 
> "The program" here means Enigmail with GnuPG, I suppose.

Yes.

> I think that it's quite rare to encounter this particular case; a user
> would need to have a revoked or expired key (of themselves).
>
> If it means an email with signature (encrypted or not), it makes more
> sense to me.  I think that it would be better to explain more likely
> cases.
> 
> What do you think?

Enigmail displays various information in the status bar, such as:
(1) Good signature (hopefully mostly)
(2) "Bad signature" (Enigmail v1.8) / "Unverified signature" (v1.9) in
case the signature is bad
(3) "Unverified signature" together with an "Import" button in case the
signature is from an unknown key
(4) Good signature, but key is not trusted
(5) Good signature, but key is expired or revoked

The last one happens quite frequently if you look at old mails, but
hardly on current mails. I think the guide refers to (2) and/or (4), but
I'm not the author of the document ...


-Patrick
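
The five status-bar cases listed above can be derived from GnuPG's machine-readable status lines; the sketch below is an added example, not part of the original message and not Enigmail's code. The status keywords are GnuPG's own; the mapping to the five cases, the precedence order, and all sample key IDs and names are assumptions constructed for illustration.

```python
# Added example (not Enigmail's code): map GnuPG status lines to the five
# status-bar cases listed in the message. Sample lines below are constructed.
CASES = {
    1: "Good signature",
    2: "Bad signature",
    3: "Unverified signature (unknown key)",
    4: "Good signature, but key is not trusted",
    5: "Good signature, but key is expired or revoked",
}
# Assumption: only full or ultimate validity counts as "trusted".
TRUSTED = {"TRUST_FULLY", "TRUST_ULTIMATE"}

def classify(status_output):
    """Return a case number 1-5, or None when no signature verdict is present."""
    seen = set()
    for line in status_output.splitlines():
        # Only lines carrying the status prefix count; anything else is
        # human-readable output or message text and must not be parsed.
        if line.startswith("[GNUPG:] "):
            fields = line.split()
            if len(fields) > 1:
                seen.add(fields[1])
    # Worst verdict wins, so one bad signature is never masked by a good one.
    if "BADSIG" in seen:
        return 2
    if "NO_PUBKEY" in seen:
        return 3
    if seen & {"EXPKEYSIG", "REVKEYSIG"}:
        return 5
    if "GOODSIG" in seen:
        return 1 if seen & TRUSTED else 4
    return None

# Constructed sample status output (key IDs and names are made up).
GOOD_UNTRUSTED = """gpg: Good signature from "Alice Example <alice@example.org>"
[GNUPG:] GOODSIG 0123456789ABCDEF Alice Example <alice@example.org>
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""
GOOD_TRUSTED = GOOD_UNTRUSTED.replace("TRUST_UNDEFINED", "TRUST_FULLY")
BAD = "[GNUPG:] BADSIG 0123456789ABCDEF Alice Example <alice@example.org>\n"
UNKNOWN_KEY = ("[GNUPG:] ERRSIG FEDCBA9876543210 1 8 00 1456214681 9\n"
               "[GNUPG:] NO_PUBKEY FEDCBA9876543210\n")
EXPIRED = "[GNUPG:] EXPKEYSIG 0123456789ABCDEF Alice Example <alice@example.org>\n"
SPOOFED = 'Body text: "[GNUPG:] GOODSIG" quoted mid-line\n'

if __name__ == "__main__":
    for name in ("GOOD_TRUSTED", "GOOD_UNTRUSTED", "BAD", "UNKNOWN_KEY", "EXPIRED", "SPOOFED"):
        print(name, "->", CASES.get(classify(globals()[name]), "no signature verdict"))
```

A status line only counts when it starts at the beginning of a line on the status channel, which is why the `SPOOFED` sample yields no verdict.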


