Return-Path: X-Original-To: notmuch@notmuchmail.org Delivered-To: notmuch@notmuchmail.org Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id B9C8A6DE0B38 for ; Mon, 7 Sep 2015 15:50:59 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: -0.132 X-Spam-Level: X-Spam-Status: No, score=-0.132 tagged_above=-999 required=5 tests=[AWL=-0.132] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WFf7lgLlJ4pm for ; Mon, 7 Sep 2015 15:50:57 -0700 (PDT) Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by arlo.cworth.org (Postfix) with ESMTP id 419E26DE0B27 for ; Mon, 7 Sep 2015 15:50:57 -0700 (PDT) Received: from fifthhorseman.net (ool-6c3a0662.static.optonline.net [108.58.6.98]) by che.mayfirst.org (Postfix) with ESMTPSA id 56B3EF984; Mon, 7 Sep 2015 18:50:52 -0400 (EDT) Received: by fifthhorseman.net (Postfix, from userid 1000) id D1FCC24871; Mon, 7 Sep 2015 18:50:52 -0400 (EDT) From: Daniel Kahn Gillmor To: David Edmondson , notmuch@notmuchmail.org Subject: Re: using the fringe to indicate good signatures In-Reply-To: References: User-Agent: Notmuch/0.20.2 (http://notmuchmail.org) Emacs/24.5.1 (x86_64-pc-linux-gnu) Date: Mon, 07 Sep 2015 18:50:47 -0400 Message-ID: <87d1xtn8s8.fsf@alice.fifthhorseman.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Sep 2015 22:50:59 -0000 --=-=-= Content-Type: text/plain On Thu 2015-08-20 09:12:26 -0400, David Edmondson wrote: > After listening to bremner, dkg et al. from Heidelberg, I threw together > a quick patch to see how we might indicate signature validity in the > fringe. The intention is to prompt more discussion - this code is not > ready to ship. > The patch is attached. The result looks something like: > http://dme.org/data/images/notmuch-signed-fringe.png I like the basic idea of this, thanks for putting it together. It's good to put security indicators in a region of the UI that the message content cannot modify or spoof. What do we think should be done if there are multiple nested signatures? --dkg --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJV7hTIXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpc6EQP/1GotOG7JdzNvqTsbiGIq7kK 5Trab0ad3RALAGAlsXlCd1ZXzyK0I+BokOuq9GJfDnw+CjmxWJDgnJyXjZLqtti8 XP9e48XxY3kF5LHPV4cSy82olCnQTzLEZIl84Aq3lwuJplQOLQwbNeh/9+j/7atS a3JNPnCs4ulA8dC/q4e2z/0TECZI7vaLUTPpSIleOTyDgv+4QHJoFkfMLMvBss7o 0/Io59Ebb/epZclA3T57cIINb/48a23VgxBDdFlRyAmZyMNT+WNADDhScBq0H7Gb U7R4Nz0Gd+m+jMiEjfOTMm8dN66evVaHxtNJnGFkdIEPHyjaSqTSCwVR62uRl1Yj 7i4YN5gszriccQDb7CLhkUvBSpU9+hJWpgmQlE3G9dP+5+OqMD+zsUxtWrc1PtX2 Ez8hccsf53n0ytCE5x4egVFfa8BME9pquN1dnTdRz6d4l4+JA1QHn3fZWgNojjZF 7XHmtGxm6KZEr3o9iNumbAo6ja5oP2XzZw40h8PnGVxe14qNWhLdCgdLjv8hbvAs yjHX9dbyH0gQyRcPfjw3P2PSVRHa1bVVj/sP/vBVC4+sBY2tz4eRkx11z1z9OInc S/EtWvhelhbS1fgHDbNLZT7LWjrfkvF8vx/xlajM88QZZpccPqGrkSu6e01/Dhlf nU7ygR6hAHuuy22pnI+C =PKGX -----END PGP SIGNATURE----- --=-=-=--