Hi, My vote is to adopt Gabe's convention. I think it makes a great deal of sense.
Thanks, Bob Cavanaugh -----Original Message----- From: Gnupg-users [mailto:[email protected]] On Behalf Of Gabriel Niebler Sent: Thursday, April 24, 2014 4:10 PM To: Doug Barton; Peter Lebbing; [email protected] Subject: Re: UI terminology for calculated validities * PGP Signed by an unknown key Am 25.04.2014 00:22, schrieb Doug Barton: > Isn't what you're talking about "verification?" To my mind, "verification" is the _process_ whereby the _properties_ like "validity" and "authenticity" are established*. I see a difference there, but one could absolutely use the word "verified" and "verification", of course. > I think the concept of "validity" in PGP sort of implies that you > have verified that the key is valid for that particular user/e-mail > address, but wouldn't it be better to just say that explicitly? Yes, it would. That's pretty much my whole point. "Validity" is misleading, because it's commonly associated with dates (valid from ... until ...) or a some sort of stamp that (in)validates something. In terms of GnuPG keys, this would translate more readily to expiration dates and revocation, so "validity" could be used for that (if at all). So if a UserID or key is listed as "validity unknown", new users scratch their heads. If instead GnuPG lists a UserID as "not verified" or with "authenticity unknown", then even most new users should understand more-or-less intuitively that they need to verify or authenticate the key (and, hopefully, why). And it also works in the WoT model, one just says something like "GnuPG can compute authenticity/verification from a key's signatures..." or "GnuPG can authenticate/verify a key based on its signatures...". > And apologies to anyone for whom English is not their first > language if it seems like we're spending a lot of time trying to > differentiate things that are very similar ... I thought a bit about other languages and I believe the issue is similar there. In German, validity translates to Gültigkeit, authenticity to Echtheit or Authentizität, verification to Bestätigung or Beglaubigung and the connotations are very much the same as in English. I'm fairly confident that it will be similar in a great many languages (probably almost all Indo-European ones, at least). So if a slight change in language would make things clearer to English speakers, the corresponding change translated should also help speakers of other languages. Best gabe *: Say I received a key with my friend's UserID bound to it. I call them to _verify_ that it's actually the same key they generated and sent me by comparing fingerprints. With the _verification_ done (which did not involve any fiddling with bits), I know validate/authenticate the key by signing it (bit fiddling). Now the key is "valid"/"authentic" to GnuPG. * Unknown Key * 0x14E244B3(L) _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
