Dear all, Let's compare a messaging system like TextSecure to the experience of secure email messaging. A user downloads TextSecure, starts using it. It has a familiar UI, and encrypts when it can without any explicit user invocation. If they want to validate keys, they can do so easily: there is one fingerprint and clear instructions on how to compare it. The semantics are exactly what is expected.
Compare to what happens with GPG. Immediately the user is asked to make important choices with no guidance. Key discover is separate step. When sending messages, they have to choose several orders of operations and ciphers, with the wrong choice having consequences. I don't think any choices have the right semantics. A lot of this has been ruled out of scope as UI issues, but I don't think so: I think that solving these issues require removing many of the problems that we expose to users. Certainly some plugins do a very good job of fixing some of these headaches, but I don't think any of them are as reliable as TextSecure. It's clear to me that this isn't easily fixable by standards work alone: much of the damage is baked in to the functioning of S/MIME and PGP. What needs to happen is that we need to come up with good ideas around key management that are actually deployable, and provide the semantics people want. Sincerely, Watson Ladd _______________________________________________ Endymail mailing list [email protected] https://www.ietf.org/mailman/listinfo/endymail
