Thunderbird dealing with signed messages and mailing lists [was: Re: Best practices for obtaining a new GPG certificate]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Mar 24 02:27:28 CET 2021
On Fri 2021-03-19 15:30:51 -0700, Mark via Gnupg-users wrote:
> It also has issues with signed messages and lists. For example you
> signed this message but it says "uncertain digital signature". I don't
> remember this being an issue in the older TB/Enigmail.
Signed messages on mailing lists that modify message bodies (and
headers) in the way that gnupg-users at gnupg.org does should *not* show as
a valid digital signature.
See
https://www.ietf.org/archive/id/draft-dkg-lamps-e2e-mail-guidance-01.html#name-mailing-list-wrapping
for a bit more information on the problem, and
https://www.ietf.org/archive/id/draft-dkg-lamps-e2e-mail-guidance-01.html#name-exception-mailing-list-foot
for a proposed method for MUAs to responsibly render such a message.
--dkg
PS fwiw, "uncertain digital signature" probably shouldn't show at all in
any reasonable end-user-facing MUA unless the user is in some sort of
special-cased debug mode. In typical operation, a message either is
protected by a valid signature or it is not. Displaying an
intermediate status like "uncertain" is likely only to cause
confusion.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210323/b8768864/attachment-0001.sig>
More information about the Gnupg-users
mailing list