Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

Stefan Claas stefan.claas at posteo.de
Mon Jun 5 17:40:18 CEST 2017


On 05.06.17 16:22, Stefan Claas wrote:
> On 04.06.17 22:20, Daniel Kahn Gillmor wrote:
>
>> I'd generally think that if you're looking for a tool to help people
>> remember and recognize keys that they've seen before, then a mail user
>> agent is in a great position to do exactly that: just tell the user
>> explicitly what they've seen before, how often, etc.  why depend on the
>> human visual cortex or on human ability for numeric recall?
> I could imagine that Joe user average may not always look at mail headers
> very carefully for a little typo in the from: or reply-to: header in his
> mail client or web-mailer.
And another thought, since this thread says "app developers". How would
services like StartMail, ProtonMail or gmx.de for example handle this...?

If i remember correctly users have not the possibillity to sign someone
elses pub-key when they both use the same service. If someone gains
unauthorized access to one account and use his own fake pub key...?!

Regards
Stefan





More information about the Gnupg-users mailing list