Status of digital signature of received mail not clearly shown
On receiving an e-mail with a digital signature as follows:
Content-Type: application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"
Content-Disposition: attachment; filename="smime.p7m"
The following message view is presented (partial screenshot):
- The Invalid Signature notification is not immediately displayed if the message is larger than the viewport (both for preview and opening the message in a new window), and only by scrolling to the very bottom of the body view does the error condition come into view.
- The "Security:" header also gives no indication there is a problem (falsely stating the message is encrypted is reported in #446 (closed)):
- The message body seems to have a small red border to indicate the message signature is not valid/trusted, with a small green border for a valid & trusted signature. An unsigned message has a grey border. The distinction between these three cases relies on the presence of a single-pixel border and is not clear enough.
These three issues taken together don't adequately convey the state of the message's security, especially in the case where a signature is absent or not trusted.
Suggest amending the Security: header to give a summary of the trust status of the message without relying on subtle borders and an important warning that is not reliably presented, and optionally adding a colour indication to draw attention?
Security: S/MIME Signed (Verified)
Security: S/MIME Signed (Signature Error)
Tested on evolution-3.30.5
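
In the headers quoted in this report, the smime-type parameter is what marks an application/pkcs7-mime part as signed rather than encrypted (RFC 8551). The sketch below is an added example, not Evolution's code and not part of the original report: it classifies a message from its MIME headers and builds a one-line summary. The names classify and security_summary, and every summary string other than the two suggested in the report, are assumptions, and the verification result is passed in rather than computed.

```python
from email import message_from_string

# Constructed sample headers; OPAQUE_SIGNED repeats the pair quoted in the report.
OPAQUE_SIGNED = ('Content-Type: application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"\n'
                 'Content-Disposition: attachment; filename="smime.p7m"\n\n')
ENVELOPED = 'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"\n\n'
UNDECLARED = 'Content-Type: application/pkcs7-mime; name="smime.p7m"\n\n'
DETACHED = ('Content-Type: multipart/signed; protocol="application/pkcs7-signature"; '
            'micalg=sha-256; boundary="b"\n\n--b--\n')
PLAIN = 'Content-Type: text/plain\n\nhello\n'

PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}


def classify(raw):
    """Return 'signed', 'encrypted', 'unknown' or 'none' from the top-level headers."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        # Detached signature: only S/MIME if the protocol parameter says so.
        proto = str(msg.get_param("protocol", "")).lower()
        return "signed" if proto in PKCS7_SIG else "none"
    if ctype in PKCS7_MIME:
        # The media type alone does not say signed or encrypted; smime-type does.
        smime_type = str(msg.get_param("smime-type", "")).lower()
        if smime_type == "signed-data":
            return "signed"
        if smime_type in ("enveloped-data", "authenveloped-data"):
            return "encrypted"
        return "unknown"  # the CMS body would have to be parsed to decide
    return "none"


def security_summary(kind, signature_ok=None):
    """Build the header text. signature_ok: True, False, or None if not checked."""
    if kind == "signed":
        if signature_ok is None:
            return "S/MIME Signed (Not Verified)"      # hypothetical string
        # These two strings are the ones suggested in the report.
        return ("S/MIME Signed (Verified)" if signature_ok
                else "S/MIME Signed (Signature Error)")
    if kind == "encrypted":
        return "S/MIME Encrypted"                      # hypothetical string
    if kind == "unknown":
        return "S/MIME (type not declared)"            # hypothetical string
    return "Unsigned"                                  # hypothetical string


if __name__ == "__main__":
    print("Security:", security_summary(classify(OPAQUE_SIGNED), signature_ok=False))
```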