Hi Hauke&Group, I have been following this thread with a lot of interest. I want to jump in here to make sure that something implicit is made explicit: If a unsophisticated user is allowed too much latitude (or provided too much information and the way to dessiminate it), not only can they harm their own security posture, but they can also harm others. To use Daniel's analogy, I would put up the guardrails, because even though I may not care about the driver who intentionally goes off the road, I do care about the busload of children on the curve below him that he could kill due to his ignorance/stupidity. Whatever infrastructure changes are proposed and ultimately adopted, protection of the data must be the primary concern, not ease-of-use. There are a lot of tools available that take some time to learn. Sometimes this is ultimately a good thing. I would rather a child learn how to cut wood with a small hand saw than let them loose with a radial arm saw to start. Overhauling the WoT may (and probably does) make a lot of sense, but when designing a security infrastructure limiting the amount of information to the bare minimum to perform the task (or provide the correct amount of protection) is a cardinal rule.
-----Original Message----- From: Gnupg-users [mailto:[email protected]] On Behalf Of Hauke Laging Sent: Thursday, May 01, 2014 10:35 PM To: [email protected] Subject: Re: UI terminology for calculated validities Am Do 01.05.2014, 23:48:08 schrieb Daniel Kahn Gillmor: > We're talking about building infrastructure here. That means that (by > definition) we're making choices for some people who will never know > the details of the infrastructure. That is correct. But there are two groups of decisions: a) how to do it b) whether it can be done at all or not > The greater the complexity of the infrastructure, the more fragile it > is, That may be true but there is a level of complexity below which the infrastructure (of a complex problem) becomes useless. That is about the current state of the WoT. Crypto is about protecting information. The level of required protection depends on the (kind of) information. In order to decide whether a key is suitable to protect a certain data you mandatorily need certain information about the key. Most of which cannot be taken from the certificate. That is not an opinion but a simple but broadly ignored fact. Ignored in order to protect the users from too much complexity... > And infrastructure which supports social graph publication is > inherently more leaky than infrastructure which declines to define a > way to do so. That is correct. But there is a difference between "supports" and "enforces". > I know you and i disagree on this Hauke; it's not the first time. Disagreements are not a problem per se. It's perfectly OK to disagree on the recommendation whether to publish such information or not. And it is OK to debate how to present (or hide) this information to the user (e.g. via ‑‑expert in gpg or "expert settings" in some GUIs). > i want to ensure that we don't > make it easy for users to do things without thinking that might be > harmful in the future. That is a noble intention and I don't doubt it. But if ensuring turns into disabling then a line is crossed. In my courses I tell the crypto newbies to forget the WoT. Not forever but until they have a firm understanding of the technology. That is a useful way. Crippling the technology isn't. > If i was designing a road in a mountainous region, i'd want to build > the road with guard rails too, even though some people might prefer > to drive off the edge. That would probably be a good idea if there is only one road. In contrast to rather expensive mountain roads we can build a second road more or less for free. I guess there wouldn't be a concensus that the better road should not be built just because some unqualified driver might use it though he has been told not to do so. If somebody deliberately endangers himself – so be it. That possibility is no reason to prevent those users with a brain from improving their situation. > I *still* haven't heard > an argument that makes sense to me for why the added complexity of > certificate signing policies and certification levels are things that > will help users use these tools. I repeat myself: Crypto is about protecting information. The level of required protection depends on the (kind of) information. In order to decide whether a key is suitable to protect a certain data you mandatorily need certain information about the key. Most of which cannot be taken from the certificate. That is not an opinion but a simple but broadly ignored fact. Ignored in order to protect the users from too much complexity... "help users use these tools" not in the sense of "making the current use easier" but in the sense of "using the tools for applications which are today not (or hardly) possible". > The added complexity hurts rather than helps adoption and use. Added complexity would not even affect unqualified users (if well implemented). Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/ http://userbase.kde.org/Concepts/OpenPGP_Help_Spread OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
