From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: notmuch <notmuch@notmuchmail.org>
Subject: Re: a proposed change to JSON output to report verification of PGP/MIME signatures.
Date: Tue, 16 Nov 2010 15:51:26 -0500 [thread overview]
Message-ID: <4CE2EECE.8060000@fifthhorseman.net> (raw)
In-Reply-To: <87sjz19ext.fsf@servo.finestructure.net>
[-- Attachment #1: Type: text/plain, Size: 1565 bytes --]
On 11/16/2010 03:44 PM, Jameson Rollins wrote:
> Aren't clients going to have to interpret/display the output regardless
> of it's been verified or not? It seems to me that understanding how to
> display the verified output is really not that much more difficult than
> understanding how to display the unverified output.
With json (and similar formats), it's easy to write a parser that says
"i know what to do with data member $foo -- give me that one". This
lets you remain in blissful ignorance of data members $bar and $baz.
and if your backend suddenly starts throwing $qux at you as well, you
can just ignore it too, until you find you want to make use of it.
I imagine that someone writing a frontend would want to start with
things like message display, and not bother with fancier bits (such as
signature verification) until later.
frontends that know that their backend is somehow resource constrained
might also want to indicate to the user that a message claims to be
signed but not verify the signature unless the user asks for it. (i
wish my current MUA had that feature, actually -- some messages i get
are signed but i don't personally need to verify them on every reload
(or even ever), depending on their content, but my MUA always makes me
wait for the verification process to happen.
To be clear -- i think that signature verification should be the default
situation for MUAs that are capable of doing it, but i don't think that
translates into --verify being on by default in
/usr/bin/notmuch.
--dkg
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 900 bytes --]
prev parent reply other threads:[~2010-11-16 20:51 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-11-13 7:55 a proposed change to JSON output to report verification of PGP/MIME signatures Daniel Kahn Gillmor
2010-11-13 11:40 ` David Bremner
2010-11-13 16:00 ` Daniel Kahn Gillmor
2010-11-15 10:23 ` David Edmondson
2010-11-15 16:40 ` Daniel Kahn Gillmor
2010-11-16 19:47 ` Carl Worth
2010-11-16 20:06 ` Daniel Kahn Gillmor
2010-11-24 1:08 ` Daniel Kahn Gillmor
2010-11-16 20:10 ` Jameson Rollins
2010-11-16 20:22 ` Daniel Kahn Gillmor
2010-11-16 20:44 ` Jameson Rollins
2010-11-16 20:51 ` Daniel Kahn Gillmor [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4CE2EECE.8060000@fifthhorseman.net \
--to=dkg@fifthhorseman.net \
--cc=notmuch@notmuchmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).