Thunderbird dealing with signed messages and mailing lists [was: Re: Best practices for obtaining a new GPG certificate]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Mar 24 02:27:28 CET 2021
On Fri 2021-03-19 15:30:51 -0700, Mark via Gnupg-users wrote:
> It also has issues with signed messages and lists. For example you
> signed this message but it says "uncertain digital signature". I don't
> remember this being an issue in the older TB/Enigmail.
Signed messages on mailing lists that modify message bodies (and
headers) in the way that gnupg-users at gnupg.org does should *not* show as
a valid digital signature.
for a bit more information on the problem, and
for a proposed method for MUAs to responsibly render such a message.
PS fwiw, "uncertain digital signature" probably shouldn't show at all in
any reasonable end-user-facing MUA unless the user is in some sort of
special-cased debug mode. In typical operation, a message either is
protected by a valid signature or it is not. Displaying an
intermediate status like "uncertain" is likely only to cause
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 227 bytes
Desc: not available
More information about the Gnupg-users