On 3/17/15 8:00 PM, Daniel Kahn Gillmor wrote:

On 18/03/15 12:43, Doug Barton wrote:

Were the buttons for encrypt and sign moved up to their own toolbar
instead of the old icons at the bottom because the latter was too
subtle? Would it not make more sense to put them in as default
buttons on the Composition toolbar? Also the icons used seem very
fuzzy to me.

the icons at the bottom were too small for most people to notice, and it
was not clear that users could interact with them.  The toolbar is an
improvement, even at the cost of extra screen real estate.

I buy that argument, but it seems much more reasonable to me to make sign and encrypt buttons that show up in the composition toolbar. This would mean that we get the same usability improvement, but no additional screen real estate would be necessary.

The "Attach My Public Key" button is almost certainly a bad idea, as
it will cause new users to think that this is an action that should
be done frequently, rather than rarely.

This is one of the most common actions that new users *should* take,

Um, since when? Hasn't the CW always been to have the user upload their key to a key server? If they are corresponding with someone who isn't smart enough to get the key Id from the signature, the new user can simply send the fingerprint to their correspondent, and they can download the key that way.

In all the years of experience I have with enigmail I've never used this feature once. And just about every new user I've run into who has used it simply checked the box because they couldn't think of any reason not to.

Sending your public key is a very infrequent thing that only new users need to do. Putting that front and center in the enigmail toolbar seems to be an odd choice to me.

since their correspondents don't have their key yet.  I've hesitated in
the past to ask people to send me their key because I didn't want to
have to ask them to dig in the menu.  This makes it much easier.

You shouldn't be asking them to send you their key. See above.

And given that most of my messages are unsigned and unencrypted I
find the big red message to be ... offputting to say the least. Do we
really want to encourage routine signing?

I see this as comparable to browsers degrading the UI for http:

   http://www.chromium.org/Home/chromium-security/marking-http-as-non-secure

Um, no, that's not the same thing at all. It's quite disturbing that you don't see the many ways that they are different.

Routine *encryption* has some similarities to deprecating http vs. https, but we already have the opportunistic encryption feature. That feature should be enabled by default (if it isn't already).

This is entirely a good thing.  The red warning will go away if you
encrypt, even if you don't sign.

If we don't want to encourage routine signing, maybe the warning could
stay red as long as it's unencrypted?  Or maybe it could be:

I'm sorry, but this is total nonsense. Routine signing is a BAD idea. Messages sent to mailing lists cannot be encrypted. And I use thunderbird for business communication where I cannot do either, ever.

With all due respect to those who obviously put a lot of work into this new feature, I think it's at best ill-advised, and is likely to be actually harmful.

Doug


--
I am conducting an experiment in the efficacy of PGP/MIME signatures. This message should be signed. If it is not, or the signature does not validate, please let me know how you received this message (direct, or to a list) and the mail software you use. Thanks!
