using the fringe to indicate good signatures

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Sep 7 23:43:49 PDT 2015


On Tue 2015-09-08 02:01:42 -0400, David Edmondson wrote:
> On Mon, Sep 07 2015, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
>> On Thu 2015-08-20 09:12:26 -0400, David Edmondson wrote:
>>> After listening to bremner, dkg et al. from Heidelberg, I threw together
>>> a quick patch to see how we might indicate signature validity in the
>>> fringe. The intention is to prompt more discussion - this code is not
>>> ready to ship.
>>
>>> The patch is attached. The result looks something like:
>>>     http://dme.org/data/images/notmuch-signed-fringe.png
>>
>> I like the basic idea of this, thanks for putting it together.  It's
>> good to put security indicators in a region of the UI that the message
>> content cannot modify or spoof.
>>
>> What do we think should be done if there are multiple nested signatures?
>
> Cry?

heh :)

> More seriously, we could use the indentation space for a similar
> indicator, which would allow us some room at an appropriate depth for
> each message (but not each part (in the default configuration)).

hm, but couldn't the indentation space be spoofed by a well-crafted
message?  that is: a non-indented message will consume space up to (but
not including) the fringe.  so a well-crafted message could be made to
*look* like an indented message, including whatever is comparable to the
chrome/UI elements we would use for an actual signed message.

I think it is also acceptable to just punt at some level -- we can say
"notmuch-emacs will indicate the outermost signed message part in the
fringe; it will not indicate nested signed messages in the fringe".
this is still an improvement from the status quo.

     --dkg

