[Enigmail] General Opinion and unverified bug

Robert J. Hansen rjh at sixdemonbag.org
Mon Mar 9 04:32:45 CET 2015


> I know that there were already discussions about the (GnuPG) 
> terminology of Enigmail. I don't think that an addon, which should 
> easily provide signing and encrypting mails for the masses, should
> use very technical terms, which are coming from a "low-level" tool
> for rather tech-savvy people like GnuPG. Just use abstractions. The
> users on Layer 8 just want to know if they can trust an e-mail or
> not. Or if they are doing it right or not.

This is your prejudice.  Until and unless you've done a statistically
significant polling of a representative cross-section of users, you just
don't know.  If the people you're training are like this, great, but
please don't assume your experiences are representative of either the
userbase or the trainerbase.

> When receiving a signed email there are only four possibilities: 1.
> the message is manipulated (wrong signature)

No.  99% of bad signatures are actually attached to untampered emails.
This is why we cannot conclude based on a bad sig that the message has
been changed.

> In the first case, you can just show a huge red bar, telling the
> user, that the message can't be trusted.

No.  You show them a message saying the integrity is not assured.  This
is semantically different.

> This makes not much sense to me. It's even irrational to me. And I
> tell you why:

At this point it has been explained to you many times, in great detail.
I no longer care whether you understand it, and I never cared about
your approval of my choice.  Drop it.


