On 20/09/15 05:06, Robert J. Hansen wrote:
> First things first: rename it, because only hardcore nerds understand what CIA
> means. (“What’s the difference between integrity and assurance?” is a really
> common question in undergraduate computer security courses. Even computer
> science majors who have an interest in this stuff, as evidenced by signing up
> to take a class in it, generally don’t understand it.) I’m going to rename the
> triad the PAI triad: Privacy, Authenticity, and Identity. Further, instead of
> giving incredibly detailed “valid signature but the certificate has not been
> validated” types of messages, let’s reduce it to binary choices. People like
> binary choices: they’re easy to understand.
>
> * *Privacy* is a binary state: yes the message was private (encrypted), or
>   no it was not.
> * *Authenticity* is also a binary state: we are confident the message is
>   authentic, or we are not.
> * *Identity* is also a binary state: we are confident it came from the
>   specified person, or we are not.
>
> We can present this information to the user using just three letters in
> different colors—green for yes, black for no. Imagine, for instance, that we
> have an untrusted good signature on an unencrypted message. We would then put
> at the top of the email:
>
> Privacy Authenticity Identity
>

Clear thinking and well presented. I like this idea.

Philip
_______________________________________________
enigmail-users mailing list
[email protected]
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
