Enigmail signature status indications (was: TOFU)
peter at digitalbrains.com
Sun Jun 25 14:20:51 CEST 2017
On 25/06/17 13:11, MFPA wrote:
> But "good signature" _does_ mean when the signature was verified the
> message had not been altered since it was signed.

However, I don't think that this information is in any way relevant to a
user if the key that signed it was not valid. I'm afraid the current
formulation doesn't do enough to discourage people from attaching value to a
signature by an invalid key. The word "good" is weakening the message of
the word "UNTRUSTED", IMO.

The gpg command line also uses the word "good". But it is much more
verbose about it being made by an invalid key:

> gpg: Good signature from "First Name Last Name <email>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.

I am aware that changing the formulation doesn't make people use it
correctly; using it correctly is hard. But I think it would be much
better if it just said "UNTRUSTED signature". And if the signature is
not "good", it'll simply say "Error - signature verification failed".

> Or maybe that the original message data has been replaced with new
> message data that hashes to the same value.

Well, let's assume that this is not possible. When weak hashes are
disabled, this should not be possible. If we start to include this kind
of thing in our assumptions, we should also add "or that somebody
managed to compute the private key for the key that signed this message".

I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
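
The labelling rule proposed in the message above, as an added example that is not part of the original post and is not Enigmail or GnuPG code: it maps the machine-readable status lines gpg writes with `--status-fd` to a single user-facing label. The wording for a valid key, the function names, and the sample status lines with their key ID are assumptions constructed for illustration.

```python
# Added example (not Enigmail or GnuPG code): one label per verification result.
# Input is the text gpg writes to its dedicated --status-fd channel; do not
# parse it out of mixed stderr or message output.
PREFIX = "[GNUPG:] "
VALID_KEY = {"TRUST_FULLY", "TRUST_ULTIMATE"}   # key validity is established
FAILED = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

LABEL_ERROR = "Error - signature verification failed"   # wording from the post
LABEL_UNTRUSTED = "UNTRUSTED signature"                 # wording from the post
LABEL_VALID = "Good signature"                          # assumed wording

# Constructed sample status output; the key ID is a placeholder.
SAMPLE_UNKNOWN_KEY = """[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF First Name Last Name <email>
[GNUPG:] TRUST_UNDEFINED 0 pgp"""
SAMPLE_VALID_KEY = """[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF First Name Last Name <email>
[GNUPG:] TRUST_FULLY 0 pgp"""
SAMPLE_BAD = """[GNUPG:] NEWSIG
[GNUPG:] BADSIG 0123456789ABCDEF First Name Last Name <email>"""


def keywords(status_text):
    """Return the status keywords, in order, from '[GNUPG:] KEYWORD args' lines."""
    return [line[len(PREFIX):].split(" ", 1)[0]
            for line in status_text.splitlines()
            if line.startswith(PREFIX) and len(line) > len(PREFIX)]


def signature_label(status_text):
    """Fail closed: only one GOODSIG plus a fully valid key earns LABEL_VALID."""
    kws = keywords(status_text)
    # No GOODSIG, several signatures, or any failure keyword: report an error.
    # In this sketch expired and revoked keys also fall under the error label.
    if kws.count("GOODSIG") != 1 or FAILED.intersection(kws):
        return LABEL_ERROR
    trust = [k for k in kws if k.startswith("TRUST_")]
    if len(trust) == 1 and trust[0] in VALID_KEY:
        return LABEL_VALID
    # Undefined, never, marginal, or missing trust: the word "good" is withheld.
    return LABEL_UNTRUSTED


if __name__ == "__main__":
    for sample in (SAMPLE_UNKNOWN_KEY, SAMPLE_VALID_KEY, SAMPLE_BAD):
        print(signature_label(sample))
```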