Email Self-Defense
Patrick Brunschwig
patrick at enigmail.net
Tue Feb 23 09:04:41 CET 2016
On 23.02.16 02:08, NIIBE Yutaka wrote:
> Hello,
>
> While we translate the "Email Self-Defense" guide into Japanese, I
> have a thing (or will have more) to clarify.
>
> In this section 5b, it says:
>
> https://emailselfdefense.fsf.org/en/#step-5b
>
> When using GnuPG, make a habit of glancing at that bar. The
> program will warn you there if you get an email encrypted with a key
> that can't be trusted.
>
> "The program" here means Enigmail with GnuPG, I suppose.
Yes.
> I think that it's quite rare to encounter this particular case; a user
> would need to have a revoked or expired key (of themselves).
>
> If it means an email with signature (encrypted or not), it makes more
> sense to me. I think that it would be better to explain more likely
> cases.
>
> How do you think?
Enigmail displays various information in the status bar, such as:
(1) Good signature (hopefully mostly)
(2) "Bad signature" (Enigmail v1.8) / "Unverified signature" (v1.9) in
case the signature is bad
(3) "Unverified signature" together with an "Import" button in case the
signature is from an unknown key
(4) Good signature, but key is not trusted
(5) Good signature, but key is expired or revoked
The last one happens quite frequently if you look at old mails, but
hardly on current mails. I think the guide refers to (2) and/or (4), but
I'm not the author of the document ...
-Patrick
More information about the Gnupg-users
mailing list