> I would suggest one slight extension to the scheme: The indicators should be tri-state, not binary.
My original proposal was tri-state: as I was writing it up I reduced it to binary. I'm not sure I was right. I pitched it as a binary because it's easy to add complexity to a user interface idea; taking a UX proposal and simplifying it involves fighting the current. So, pitch it as binary and let the natural course of software entropy move it to tri-state if need be. :)

The arguments in favor of binary:

* Two states are easier to understand than three. We either make assurances, or we don't.

The arguments in favor of trinary:

* Many users are going to want three states even though, IMO, the third state is useless.

A bad signature on an email message, contrary to popular belief in the community, doesn't mean the message was tampered with. 99% of the time it's evidence the *signature* was tampered with. PGP/MIME is infamous here: MUAs play hob with attachments and repackage the signature up in weird ways. So a bad signature, by itself, doesn't tell you anything about whether the message has been changed.

All that a bad signature tells you is the sender thought the message was important enough to add an authenticity/identity measure, but authenticity/identity cannot be assured. And if we're saying "authenticity/identity cannot be assured", then really, that's no different from no signature at all -- so it should use the same black text as no signature at all.

This is straightforward, logical, and mathematically pure. (Some years ago I actually drafted a formal proof of correctness for this idea.) But that purity omits something important, which is that people are not straightforward, logical, or mathematically pure.

People expect to be told if-and-when there's a bad signature on a message. Yes, people ascribe incorrect meaning to the bad signature. Yes, people assume that means the message has been tampered with, even when 99% of the time it's the signature that's been tampered with. Yes yes yes. But that doesn't change the fact it's what users want.

So... yeah.

My inner crypto nerd says the binary choice is a more accurate representation of reality. My inner UX geek says the trinary choice is what users will want and feel more comfortable with. The nerd and the geek are fighting for control of my soul. :)
_______________________________________________
enigmail-users mailing list
[email protected]
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
