OpenPGP signature spoofing using HTML

Posted Oct 17, 2018 17:19 UTC (Wed) by iam.TJ (guest, #56644)
In reply to: OpenPGP signature spoofing using HTML by karkhaz
Parent article: OpenPGP signature spoofing using HTML

The problem with using colours, especially in a text console application, is how a visually impaired person can be clearly notified of the security status.

When the information is presented in-line a screen-reader or braille display is not going to be able to differentiate.

Signature presence and verification ought to be presented out-of-band - outside the body of the email and where it cannot be faked.

OpenPGP signature spoofing using HTML

Posted Oct 18, 2018 12:15 UTC (Thu) by karkhaz (subscriber, #99844) [Link]

I'm not familiar with how braille displays render console output, but in the example I showed above the out-of-band information is the last line of text: that line always contains a status bar, and emails cannot write arbitrary text into it.

Does a braille display exactly copy the spacial layout of a terminal, such that the lowest line of the terminal sits at the bottom of the display? If so, then this still works. Otherwise, I'm not sure what the general solution is for out-of-band signalling that also works for visually impaired people. Note that when I said "bright white", what this really means is that text that mutt injects into the email is marked up with the bold attribute for terminal display (as opposed to regular email text, which has no formatting). So for this particular use case, it would suffice if a braille display could somehow indicate to its user that some range of text is 'bold' or otherwise important, no need for various colours.