We've got two different end-to-end encryption methods and at least one more on the way (not to mention XTLS, which looks like it's going to be the new officially-blessed e2ee XEP...)
It would be nice to have a consistent way of telling the user whether they've authenticated the remote user's identity. The Esessions implementation pops up a dialog before it lets you chat if you haven't verified the remote user's identity. It's not a very good interface. <http://trac.gajim.org/ticket/3468> I like the way OTR did it; it tells you in the ChatControl whether you've verified identity or not, but doesn't interrupt anything. There's a menu item that pops up a dialog if you want to do a verification. My suggestion: If you're in an encrypted chat but you haven't verified the identity, overlay a big red question mark on the encryption lock icon in the ChatControl and put a tooltip on it explaining the problem. Clicking on the question mark pops up a verification dialog (specific to whatever end-to-end encryption protocol you're using). Good idea? Does it make the potential problem obvious enough to the user? Is there a better symbol/place to put the symbol/place to put the button for the dialog? How does the OpenPGP code handle an unknown key?
Description: PGP signature
_______________________________________________ Gajim-devel mailing list Gajimfirstname.lastname@example.org https://lists.gajim.org/cgi-bin/listinfo/gajim-devel