[Enigmail] On Displaying Signatures
patrick at enigmail.net
Sun Nov 5 12:06:54 CET 2017
dkg and I discussed when and how the result of verifying a signed mail
should be displayed. We came up with the following solution, which I want
to implement in Enigmail.
We *only* display signature information if *all* of the following
conditions are satisfied:
A. The signature could be verified successfully
B. Email date and signature date are "close" to each other, and
both dates are in the "past" or in the near future
C. The signing key is associated with the From: address of the email
via any of: valid UID, per-recipient rule, Autocrypt peer-state
D. If the signing (sub-)key is revoked:
- the signing (sub-)key must not be revoked with reasons other
- if the revocation reason was "superseded" then the date of the
revocation must be after the signing date.
E. If the signing (sub-)key is expired, the expiry date must be after
the signing date
We need to allow some delta since there is always a little gap
between the signature creation and message sending.
We need to allow a few hours in the future, since not all mail
clients run on the exact time.
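
The display rule described in the message above, written as a single decision function. This is an added example, not part of the original post and not Enigmail's code. The field names on `sig`, the two time tolerances, and the default list of tolerated revocation reasons (the first bullet under D is cut off in the post) are assumptions.

```javascript
// Added example, not Enigmail code. Dates are millisecond timestamps.
// Field names on `sig` and all default tolerances are assumptions.
const HOUR = 60 * 60 * 1000;

function shouldDisplaySignature(sig, opts = {}) {
  const {
    now = Date.now(),
    maxDateGapMs = 1 * HOUR, // assumed meaning of "close" (B)
    maxFutureMs = 3 * HOUR,  // assumed meaning of "near future" (B)
    // The first bullet under D is cut off in the post, so the tolerated
    // reasons are a parameter; this default is an assumption.
    toleratedRevocationReasons = ["superseded"],
  } = opts;
  const hide = (rule) => ({ display: false, failed: rule });

  // A. The signature must verify.
  if (!sig.verified) return hide("A");

  // B. Dates close to each other, and neither beyond the allowed future skew.
  const latest = now + maxFutureMs;
  if (Math.abs(sig.emailDate - sig.signatureDate) > maxDateGapMs) return hide("B");
  if (sig.emailDate > latest || sig.signatureDate > latest) return hide("B");

  // C. Key tied to the From: address by at least one accepted binding.
  const accepted = ["validUid", "perRecipientRule", "autocryptPeerState"];
  if (!accepted.some((b) => (sig.fromBindings || []).includes(b))) return hide("C");

  // D. Revoked key: reason must be tolerated; "superseded" only if the
  //    revocation happened after the signature was made.
  const rev = sig.revocation;
  if (rev) {
    if (!toleratedRevocationReasons.includes(rev.reason)) return hide("D");
    if (rev.reason === "superseded" && rev.date <= sig.signatureDate) return hide("D");
  }

  // E. Expired key: expiry must be after the signing date.
  const expired = sig.keyExpiry != null && sig.keyExpiry <= now;
  if (expired && sig.keyExpiry <= sig.signatureDate) return hide("E");

  return { display: true, failed: null };
}

// Constructed sample: key superseded one day after it signed the mail.
const sent = Date.UTC(2017, 10, 5, 11, 0, 0);
console.log(shouldDisplaySignature({
  verified: true, emailDate: sent, signatureDate: sent - 60 * 1000,
  fromBindings: ["autocryptPeerState"],
  revocation: { reason: "superseded", date: sent + 24 * HOUR }, keyExpiry: null,
}, { now: sent + 48 * HOUR }));
```

The function returns which rule caused the signature to be hidden, which makes it straightforward to log or unit-test each condition separately.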