<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<body text="#000000" bgcolor="#FFFFFF">
<p><font size="+1">I just realized that I overloaded the meaning of
signature verification. Here, signature verification, both in my
previous discussion and in the receiver's UI, also includes the
certificate verification described in 2.b, in addition to
traditional signature verification.</font><br>
<pre class="moz-signature" cols="72">Thanks,
<div class="moz-cite-prefix">On 01/03/2018 01:04 PM, Lou Wynn wrote:<br>
"trusted" keys do not mean much without contexts. There are few
<pre wrap="">contexts to see what trustworthiness means.
1. From certificate verification point of view, a trusted key means that
the certificate is verified to be in the same trust realm or in the same
trust group with the receiver.
2. From the user interface point of view, a trusted key is reflected by
marking the sender's signature is verified, and an untrusted key is
marked by the warning that the signature cannot be verified. An
automated or manual process can be applied to delete or quarantine
messages whose signature verification fails. The screenshots on the web
link show this intuitive UI. Of course, the final decision about what to
do with such messages is up to the receiver. The warning of signature
verification makes the receiver aware of the sender status, which is
either certified to be in the same trust realm/group or not being
certified as such.