On 5/26/15 8:50 AM, Patrick Brunschwig wrote:
> I would definitely want the "owner trust" and "validity" columns to be merged for non-expert users. The idea should be that users should only specify if they verified the key or not. Depending on this, the owner trust level and signature should be created automatically (or not).
Please don't do this. These concepts are hard enough already for novice users, combining three things into one decision will only make that harder when an Enigmail user tries to interact with non-Enigmail users.
For novice users, "validity" essentially refers to how much confidence they have that the key they are looking at is associated to a real human, and that the human in question is the same as the one described in the key. This decision is rarely actually meaningful ... either you get the key from someone you know, or you download it from a server because someone signed a message on a mailing list. (I'll deal with key signing below)
"Trust" (in the GnuPG sense) is only really necessary when you're dealing with someone else's signatures being "adequate" to prove the validity of another user's key. That's not a concept that novice users need to bother themselves with.
I think the OP was on the right line, which is you can ask the user some simple questions during key import, with sample levels of answers that conform roughly to the generally accepted "levels" of response. But first, we should clean up the way those terms are used in the interface, and determine what our goals are.
The "Sending" tab on the Preferences dialog still refers to "trust" in relationship to sending encrypted messages. That needs to be changed to "valid," but the default should be "All usable keys." There is near-zero harm that can come to a user by encrypting a message to a key that they haven't spent hours validating. Thus there is no need to expose this to users except in the advanced settings.
For the vast majority of users, especially novice users, the concept of validity is a non-issue. They are either going to get the key from someone they know, or they are going to download the key because someone on a list signed a message. So IMO the *default* settings should be to auto-import keys, with no validity settings, and no trust. For cases when the user actually wants to set those things, a "wizard" with some quick questions will get the job done. Something like this:
Where did you get this key?
1. It was downloaded to validate a message sent to a mailing list (I do not know this person)
2. I received it as part of a PGP key signing ceremony, and I validated it lightly
3. I received it as part of a PGP key signing ceremony, and I validated it thoroughly
4. I received it directly from someone I know well
How well do you trust the person to validate other users' keys?
1. I do not know their level of experience with PGP
2. I do not trust their level of experience with PGP
3. I know they are somewhat thorough about validating keys
4. I know they are very thorough validating keys
5. This is my key
The default for the first section is obviously cert level 0, #2 would
get cert level 2, #3 and #4 can get cert level 3.
The trust section is a one-to-one mapping.
So with two questions you can set the levels in a manner that the user understands, without delving deeply into the details.
> I'd replace the validity column with a "share" (upload to key server) column.
I don't think we should encourage novice users to upload signatures. It's likely to do nothing more useful than to pollute the key servers with garbage data. If the user engages the wizard described above the wizard should lsign the key(s). There should be a separate dialog for exporting the signatures, and the default behavior should be to e-mail a signed version of each uid to the e-mail address represented in that uid. This has become the common way to handle PGP key signings, and there are several software packages that do this for users, but it would be awesome to build this into Enigmail.
I would not even include an interface in Enigmail to allow users to send keys directly to the key servers, except for their own.
hth,
Doug
--
I am conducting an experiment in the efficacy of PGP/MIME signatures. This message should be signed. If it is not, or the signature does not validate, please let me know how you received this message (direct, or to a list) and the mail software you use. Thanks!
