On Fri 2021-03-19 15:30:51 -0700, Mark via Gnupg-users wrote:
> It also has issues with signed messages and lists. For example you
> signed this message but it says "uncertain digital signature". I don't
> remember this being an issue in the older TB/Enigmail.
Signed messages on mailing lists that modify message bodies (and
headers) in the way that gnupg-users@gnupg.org does should *not* show as
a valid digital signature.
See
https://www.ietf.org/archive/id/draft-dkg-lamps-e2e-mail-guidance-01.html#name-mailing-list-wrapping
for a bit more information on the problem, and
https://www.ietf.org/archive/id/draft-dkg-lamps-e2e-mail-guidance-01.html#name-exception-mailing-list-foot
for a proposed method for MUAs to responsibly render such a message.
--dkg
PS fwiw, "uncertain digital signature" probably shouldn't show at all in
any reasonable end-user-facing MUA unless the user is in some sort of
special-cased debug mode. In typical operation, a message either is
protected by a valid signature or it is not. Displaying an
intermediate status like "uncertain" is likely only to cause
confusion.
> It also has issues with signed messages and lists. For example you
> signed this message but it says "uncertain digital signature". I don't
> remember this being an issue in the older TB/Enigmail.
Signed messages on mailing lists that modify message bodies (and
headers) in the way that gnupg-users@gnupg.org does should *not* show as
a valid digital signature.
See
https://www.ietf.org/archive/id/draft-dkg-lamps-e2e-mail-guidance-01.html#name-mailing-list-wrapping
for a bit more information on the problem, and
https://www.ietf.org/archive/id/draft-dkg-lamps-e2e-mail-guidance-01.html#name-exception-mailing-list-foot
for a proposed method for MUAs to responsibly render such a message.
--dkg
PS fwiw, "uncertain digital signature" probably shouldn't show at all in
any reasonable end-user-facing MUA unless the user is in some sort of
special-cased debug mode. In typical operation, a message either is
protected by a valid signature or it is not. Displaying an
intermediate status like "uncertain" is likely only to cause
confusion.
Attached Files:
-
signature.asc (0.22 KB)