On 11 July 2011 05:16, Daniel Kahn Gillmor <[email protected]> wrote: [...] > I actually agree that best-effort approaches can be a reasonable part of > a good crypto toolkit, but the willingness to accept a downgrade needs > to reside in the toolkit policy, and the policy needs to be both > comprehensible to and controlled by the user. That is, if there's a > message that i would rather fail to get through than potentially leak, i > should be able to say "no downgrades on this communication, please". > Alternately, for a message that i don't really care about > confidentiality at all (e.g. i expect it to be public anyway), i ought > to be able to say "downgrades are OK". > > The UI challenge here is not an easy one. And it's even harder if you > want to cover situations more nuanced than the two extreme examples i > gave above. >
Why not have 'protected' mode = downgrades are not OK by default? If the message fails to pass, then the option could be given to make it OK not to downgrade. Also, like in Google+ circles, a user has to choose how much they want to share; it is just as simple as clicking a button before sharing. Abhishek _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
