Curious behaviour classifying trust level

Curious behaviour: When I receive an e-mail from Microsoft it is classified as trust level 3. When I change to view another msg and come back, it is classified as trust level 4 (I trust this cert). Then it is always shown as trust level 4. If I shut down Outlook and restart, it repeats this behaviour. Outlook 2013 64 bit.

Josep M.

A sample msg from MS:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Title: Microsoft Security Advisory Notification
Issued: February 21, 2020


Security Advisories Released or Updated on February 21, 2020
======================================================================================

  • Microsoft Security Advisory ADV200002

======================================================================================

Other Information

Recognize and avoid fraudulent email to Microsoft customers:

If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites.
Microsoft does not distribute security updates via email.

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at https://technet.microsoft.com/security/dn753714.


THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.


Microsoft respects your privacy. Please read our online Privacy Statement at http://go.microsoft.com/fwlink/?LinkId=81184.

If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe:
<https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizard.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>.

These settings will not affect any newsletters you’ve requested or any mandatory service communications that are considered part of certain Microsoft services.

For legal Information, see:
http://www.microsoft.com/info/legalinfo/default.mspx.

This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

key for MS:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: ID de usuario: Microsoft Security Notifications securitynotifications@e-mail.microsoft.com
Comment: Creado: 31/10/2019 18:09
Comment: Expira: 31/10/2020 18:09
Comment: Tipo: 2048-bit RSA
Comment: Uso: Firmado, Cifrado, ID de la certificación
Comment: Huella digital: 2D341B18A749D00E0D12B60E6CC73355668F7B75
-----END PGP PUBLIC KEY BLOCK-----

Hi,

I don’t really have a fix for that. But maybe it helps you to understand the reason behind this:

For trust level 4 GpgOL checks if one of your own keys, or keys that you ultimately trust, has directly certified the key of the signer. For that it needs to list all your keys and build up its own keycache, so its own understanding of what your keyring looks like. Then it has to check all the signatures on the signer's key and check if there was a valid signature made by one of your keys. As this can take a while, this is all done in the background. If this is not done yet when you view a mail, it will only show what the crypto backend says: “This key is fully trusted”. That is the information that the crypto backend gives. That is trust level 3.

Doing its own additional checks will “later” raise that to trust level 4.
I’m talking with our backend developers about that and for the next major version of GnuPG we will have a “keyring daemon”, which will be a long running process that has the information about all your keys in memory. That will greatly increase the performance of such operations and will allow GpgOL to quickly query the information it needs. So this problem should be resolved by that, or at least I should have the tools I need to resolve this issue.

I could update the trust level once all keylistings are internally done but changing the trust level while you are viewing a mail also seems kind of ugly.

Hope this helps to understand the problem.

Best Regards,
Andre
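
A simplified model of the two-stage check described in the reply above, as an added example that is not GpgOL's code and not part of the original posts. The listing is constructed in the style of `gpg --with-colons --check-sigs` output; the own key ID `1111222233334444`, the timestamps, the function names and the `keycache_ready` flag are assumptions, and only levels 3 and 4 are modelled.

```python
# Constructed listing (not real gpg output): one own key with ultimate
# ownertrust, and the signer's key carrying a certification made by it.
LISTING = """\
pub:u:4096:1:1111222233334444:1546300800:::u:::scESC:
uid:u::::1546300800::::Own Key <me@example.org>:
sig:!::1:1111222233334444:1546300800::::Own Key <me@example.org>:13x:
pub:f:2048:1:6CC73355668F7B75:1572545340:1604081340::-:::scESC:
uid:f::::1572545340::::Microsoft Security Notifications:
sig:!::1:6CC73355668F7B75:1572545340::::Microsoft Security Notifications:13x:
sig:!::1:1111222233334444:1580000000::::Own Key <me@example.org>:10x:
"""
SIGNER = "6CC73355668F7B75"  # last 16 hex digits of the fingerprint on this page
CERT_CLASSES = {"10", "11", "12", "13"}  # OpenPGP key certification classes


def parse_keys(listing):
    """Map key ID -> validity, ownertrust and the signatures listed under it."""
    keys, cur = {}, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            cur = keys[f[4]] = {"validity": f[1], "ownertrust": f[8], "certs": []}
        elif f[0] == "sig" and cur is not None:
            # (issuer key ID, check result, signature class without the x/l suffix)
            cur["certs"].append((f[4], f[1], f[10][:2]))
    return keys


def directly_certified(keys, signer_id):
    """True if an ultimately trusted key made a verified certification.
    'rev' records (revoked certifications) are not handled in this sketch."""
    ultimate = {k for k, v in keys.items() if v["ownertrust"] == "u"}
    return any(issuer in ultimate and issuer != signer_id
               and status == "!" and cls in CERT_CLASSES
               for issuer, status, cls in keys[signer_id]["certs"])


def trust_level(keys, signer_id, keycache_ready):
    """Level 4 needs the finished key cache; before that only the backend's
    validity is available, which gives level 3 for a fully valid key."""
    if keycache_ready and directly_certified(keys, signer_id):
        return 4
    if keys[signer_id]["validity"] in ("f", "u"):
        return 3
    return None  # lower levels are not modelled here


if __name__ == "__main__":
    keys = parse_keys(LISTING)
    print("first view :", trust_level(keys, SIGNER, keycache_ready=False))
    print("later view :", trust_level(keys, SIGNER, keycache_ready=True))
```

The same message yields 3 on the first call and 4 on the second, which is the jump reported in the first post.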

Thanks for your explanation Andre. We can wait for a major rev.

Another curious behaviour is that the blue stamp icon on the left in the msgs list can appear or not for the same type and sender of msg (trust level 4).

> I could update the trust level once all keylistings are internally done but changing the trust level while you are viewing a mail also seems kind of ugly.

Just an idea:
It would be okay if the initially shown trust level would indicate that it is a trust level forecast
and some operation is going on in the background. Experienced users could come back later or wait.