From f75b4ccc771d02effded1b3d66f0d6ad5fbb4739 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 8 Sep 2015 18:50:47 +2000 Subject: [PATCH] Re: using the fringe to indicate good signatures --- 0b/e643a69f2b5e6fb5a1e848803c3e6656163d8f | 94 +++++++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 0b/e643a69f2b5e6fb5a1e848803c3e6656163d8f diff --git a/0b/e643a69f2b5e6fb5a1e848803c3e6656163d8f b/0b/e643a69f2b5e6fb5a1e848803c3e6656163d8f new file mode 100644 index 000000000..9b249c14d --- /dev/null +++ b/0b/e643a69f2b5e6fb5a1e848803c3e6656163d8f @@ -0,0 +1,94 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by arlo.cworth.org (Postfix) with ESMTP id B9C8A6DE0B38 + for ; Mon, 7 Sep 2015 15:50:59 -0700 (PDT) +X-Virus-Scanned: Debian amavisd-new at cworth.org +X-Spam-Flag: NO +X-Spam-Score: -0.132 +X-Spam-Level: +X-Spam-Status: No, score=-0.132 tagged_above=-999 required=5 + tests=[AWL=-0.132] autolearn=disabled +Received: from arlo.cworth.org ([127.0.0.1]) + by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id WFf7lgLlJ4pm for ; + Mon, 7 Sep 2015 15:50:57 -0700 (PDT) +Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) + by arlo.cworth.org (Postfix) with ESMTP id 419E26DE0B27 + for ; Mon, 7 Sep 2015 15:50:57 -0700 (PDT) +Received: from fifthhorseman.net (ool-6c3a0662.static.optonline.net + [108.58.6.98]) + by che.mayfirst.org (Postfix) with ESMTPSA id 56B3EF984; + Mon, 7 Sep 2015 18:50:52 -0400 (EDT) +Received: by fifthhorseman.net (Postfix, from userid 1000) + id D1FCC24871; Mon, 7 Sep 2015 18:50:52 -0400 (EDT) +From: Daniel Kahn Gillmor +To: David Edmondson , notmuch@notmuchmail.org +Subject: Re: using the fringe to indicate good signatures +In-Reply-To: +References: +User-Agent: Notmuch/0.20.2 (http://notmuchmail.org) Emacs/24.5.1 + (x86_64-pc-linux-gnu) +Date: Mon, 07 Sep 2015 18:50:47 -0400 +Message-ID: <87d1xtn8s8.fsf@alice.fifthhorseman.net> +MIME-Version: 1.0 +Content-Type: multipart/signed; boundary="=-=-="; + micalg=pgp-sha512; protocol="application/pgp-signature" +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.18 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Mon, 07 Sep 2015 22:50:59 -0000 + +--=-=-= +Content-Type: text/plain + +On Thu 2015-08-20 09:12:26 -0400, David Edmondson wrote: +> After listening to bremner, dkg et al. from Heidelberg, I threw together +> a quick patch to see how we might indicate signature validity in the +> fringe. The intention is to prompt more discussion - this code is not +> ready to ship. + +> The patch is attached. The result looks something like: +> http://dme.org/data/images/notmuch-signed-fringe.png + +I like the basic idea of this, thanks for putting it together. It's +good to put security indicators in a region of the UI that the message +content cannot modify or spoof. + +What do we think should be done if there are multiple nested signatures? + + --dkg + +--=-=-= +Content-Type: application/pgp-signature; name="signature.asc" + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQJ8BAEBCgBmBQJV7hTIXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w +ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB +NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpc6EQP/1GotOG7JdzNvqTsbiGIq7kK +5Trab0ad3RALAGAlsXlCd1ZXzyK0I+BokOuq9GJfDnw+CjmxWJDgnJyXjZLqtti8 +XP9e48XxY3kF5LHPV4cSy82olCnQTzLEZIl84Aq3lwuJplQOLQwbNeh/9+j/7atS +a3JNPnCs4ulA8dC/q4e2z/0TECZI7vaLUTPpSIleOTyDgv+4QHJoFkfMLMvBss7o +0/Io59Ebb/epZclA3T57cIINb/48a23VgxBDdFlRyAmZyMNT+WNADDhScBq0H7Gb +U7R4Nz0Gd+m+jMiEjfOTMm8dN66evVaHxtNJnGFkdIEPHyjaSqTSCwVR62uRl1Yj +7i4YN5gszriccQDb7CLhkUvBSpU9+hJWpgmQlE3G9dP+5+OqMD+zsUxtWrc1PtX2 +Ez8hccsf53n0ytCE5x4egVFfa8BME9pquN1dnTdRz6d4l4+JA1QHn3fZWgNojjZF +7XHmtGxm6KZEr3o9iNumbAo6ja5oP2XzZw40h8PnGVxe14qNWhLdCgdLjv8hbvAs +yjHX9dbyH0gQyRcPfjw3P2PSVRHa1bVVj/sP/vBVC4+sBY2tz4eRkx11z1z9OInc +S/EtWvhelhbS1fgHDbNLZT7LWjrfkvF8vx/xlajM88QZZpccPqGrkSu6e01/Dhlf +nU7ygR6hAHuuy22pnI+C +=PKGX +-----END PGP SIGNATURE----- +--=-=-=-- -- 2.26.2