Re: using the fringe to indicate good signatures

author Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Mon, 7 Sep 2015 22:50:47 +0000 (18:50 +2000)

committer W. Trevor King <wking@tremily.us>

Sat, 20 Aug 2016 21:49:33 +0000 (14:49 -0700)
author Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Mon, 7 Sep 2015 22:50:47 +0000 (18:50 +2000)
committer W. Trevor King <wking@tremily.us>
Sat, 20 Aug 2016 21:49:33 +0000 (14:49 -0700)
diff --git a/0b/e643a69f2b5e6fb5a1e848803c3e6656163d8f b/0b/e643a69f2b5e6fb5a1e848803c3e6656163d8f

new file mode 100644 (file)

index 0000000..9b249c1
--- /dev/null
+++ b/0b/e643a69f2b5e6fb5a1e848803c3e6656163d8f
@@ -0,0 +1,94 @@
+Return-Path: <dkg@fifthhorseman.net>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by arlo.cworth.org (Postfix) with ESMTP id B9C8A6DE0B38\r
+ for <notmuch@notmuchmail.org>; Mon,  7 Sep 2015 15:50:59 -0700 (PDT)\r
+X-Virus-Scanned: Debian amavisd-new at cworth.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: -0.132\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=-0.132 tagged_above=-999 required=5\r
+ tests=[AWL=-0.132] autolearn=disabled\r
+Received: from arlo.cworth.org ([127.0.0.1])\r
+ by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id WFf7lgLlJ4pm for <notmuch@notmuchmail.org>;\r
+ Mon,  7 Sep 2015 15:50:57 -0700 (PDT)\r
+Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])\r
+ by arlo.cworth.org (Postfix) with ESMTP id 419E26DE0B27\r
+ for <notmuch@notmuchmail.org>; Mon,  7 Sep 2015 15:50:57 -0700 (PDT)\r
+Received: from fifthhorseman.net (ool-6c3a0662.static.optonline.net\r
+ [108.58.6.98])\r
+ by che.mayfirst.org (Postfix) with ESMTPSA id 56B3EF984;\r
+ Mon,  7 Sep 2015 18:50:52 -0400 (EDT)\r
+Received: by fifthhorseman.net (Postfix, from userid 1000)\r
+ id D1FCC24871; Mon,  7 Sep 2015 18:50:52 -0400 (EDT)\r
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>\r
+To: David Edmondson <dme@dme.org>, notmuch@notmuchmail.org\r
+Subject: Re: using the fringe to indicate good signatures\r
+In-Reply-To: <m2mvxmxfwl.fsf@heart-of-gold.hh.sledj.net>\r
+References: <m2mvxmxfwl.fsf@heart-of-gold.hh.sledj.net>\r
+User-Agent: Notmuch/0.20.2 (http://notmuchmail.org) Emacs/24.5.1\r
+ (x86_64-pc-linux-gnu)\r
+Date: Mon, 07 Sep 2015 18:50:47 -0400\r
+Message-ID: <87d1xtn8s8.fsf@alice.fifthhorseman.net>\r
+MIME-Version: 1.0\r
+Content-Type: multipart/signed; boundary="=-=-=";\r
+ micalg=pgp-sha512; protocol="application/pgp-signature"\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.18\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch/>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Mon, 07 Sep 2015 22:50:59 -0000\r
+\r
+--=-=-=\r
+Content-Type: text/plain\r
+\r
+On Thu 2015-08-20 09:12:26 -0400, David Edmondson wrote:\r
+> After listening to bremner, dkg et al. from Heidelberg, I threw together\r
+> a quick patch to see how we might indicate signature validity in the\r
+> fringe. The intention is to prompt more discussion - this code is not\r
+> ready to ship.\r
+\r
+> The patch is attached. The result looks something like:\r
+>     http://dme.org/data/images/notmuch-signed-fringe.png\r
+\r
+I like the basic idea of this, thanks for putting it together.  It's\r
+good to put security indicators in a region of the UI that the message\r
+content cannot modify or spoof.\r
+\r
+What do we think should be done if there are multiple nested signatures?\r
+\r
+     --dkg\r
+\r
+--=-=-=\r
+Content-Type: application/pgp-signature; name="signature.asc"\r
+\r
+-----BEGIN PGP SIGNATURE-----\r
+Version: GnuPG v1\r
+\r
+iQJ8BAEBCgBmBQJV7hTIXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w\r
+ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB\r
+NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpc6EQP/1GotOG7JdzNvqTsbiGIq7kK\r
+5Trab0ad3RALAGAlsXlCd1ZXzyK0I+BokOuq9GJfDnw+CjmxWJDgnJyXjZLqtti8\r
+XP9e48XxY3kF5LHPV4cSy82olCnQTzLEZIl84Aq3lwuJplQOLQwbNeh/9+j/7atS\r
+a3JNPnCs4ulA8dC/q4e2z/0TECZI7vaLUTPpSIleOTyDgv+4QHJoFkfMLMvBss7o\r
+0/Io59Ebb/epZclA3T57cIINb/48a23VgxBDdFlRyAmZyMNT+WNADDhScBq0H7Gb\r
+U7R4Nz0Gd+m+jMiEjfOTMm8dN66evVaHxtNJnGFkdIEPHyjaSqTSCwVR62uRl1Yj\r
+7i4YN5gszriccQDb7CLhkUvBSpU9+hJWpgmQlE3G9dP+5+OqMD+zsUxtWrc1PtX2\r
+Ez8hccsf53n0ytCE5x4egVFfa8BME9pquN1dnTdRz6d4l4+JA1QHn3fZWgNojjZF\r
+7XHmtGxm6KZEr3o9iNumbAo6ja5oP2XzZw40h8PnGVxe14qNWhLdCgdLjv8hbvAs\r
+yjHX9dbyH0gQyRcPfjw3P2PSVRHa1bVVj/sP/vBVC4+sBY2tz4eRkx11z1z9OInc\r
+S/EtWvhelhbS1fgHDbNLZT7LWjrfkvF8vx/xlajM88QZZpccPqGrkSu6e01/Dhlf\r
+nU7ygR6hAHuuy22pnI+C\r
+=PKGX\r
+-----END PGP SIGNATURE-----\r
+--=-=-=--\r
author	Daniel Kahn Gillmor <dkg@fifthhorseman.net>
	Mon, 7 Sep 2015 22:50:47 +0000 (18:50 +2000)
committer	W. Trevor King <wking@tremily.us>
	Sat, 20 Aug 2016 21:49:33 +0000 (14:49 -0700)