point well taken. still, as in so many things, we need to arrive at a good balance

in security the base error that is made today is that security can be passed out like fliers at the fair; that security can be done automatically for the users.

this is the essence behind the SSL/TLS/X.509 problem: people do not know who they have been made to trust

here's what happens if we understood that we need to vet and sign for (authorize) the keys we are actually going to use, we would, in security parlance, dramatically reduce the attack surface

i do not see public key encryption -- whether as x.509 certificates or PGP keys -- being successful unless and until individual users assume responsibility for authorizing only those keys or certificates that are actually needed. passing out "security" like fliers at the fair is not going to work well.

On 09/19/2015 08:39 AM, David wrote:
> On 9/19/2015 6:11 AM, Mike Acker wrote:
>> Then let people click on each to get more detailed information. E.g., if they click on "None" a pop-up window might say, "Although the digital signature is present, it cannot be verified because you do not have the sender's public key."
>
> An observation from me about an 'average user'? The more information that you add to the screens the less of it the 'average user' will read. The famous "Click next - next - ok" effect.
>
> The more complicated that you make GnuPG and Enigmail for the 'average user' to actually use - do this - read this - make a decision - read some more IMHO the less it will be used by that 'average user'. Or perhaps even worse to be used incorrectly.
>
> Enigmail has a 'Setup Wizard' (exact name?) and one simple check box fills a whole page of settings. Most of which I would think a new 'average user' would have no idea what they are / do or why. Or cares.
>
> Make it as complicated as you want but I would highly suggest, if you want that 'average user', that you also offer a simple path.
>
> my 2 cents

--
/Mike
_______________________________________________
enigmail-users mailing list
[email protected]
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
