[Enigmail] On Displaying Signatures

Patrick Brunschwig patrick at enigmail.net
Sun Nov 5 12:06:54 CET 2017


dkg and I discussed when and how the result of verifying a signed mail
should be displayed. We came up with the following solution, that I want
to implement in Enigmail.


We *only* display signature information if *all* of the following
conditions are satisfied:

A. The signature could be verified successfully
B. Email date and signature date are "close" [1] to each other, and
   both dates are in the "past" or in the near future [2]
C. The signing key is associated with the From: address of the email
   via any of: valid UID, per-recipient rule, Autocrypt peer-state
D. If the signing (sub-)key is revoked:
     - the signing (sub-)key must not be revoked with reasons other
       than "superseded".
     - if the revocation reason was "superseded" then the date of the
       revocation must be after then signing date.
E. If the signing (sub-)key is expired, the expiry date must be after
   the signing date


[1] We need to allow some delta since there is always a little gap
    between the signature creation and and message sending.

[2] We need to allow a few hours in the future, since not all mail
    clients run on the exact time.


-Patrick


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://admin.hostpoint.ch/pipermail/enigmail-users_enigmail.net/attachments/20171105/ddbcb0ae/attachment.sig>


More information about the enigmail-users mailing list