-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Sat, 3 May 2014 17:28:56 +0100 MFPA <[email protected]> wrote: > > Letters of > > introduction are not something one encounters much in > > the modern world one but tying the process to a > > physical analogue might make things easier to > > understand. One could recycle old costume dramas to > > make tutorials. > > That is an interesting thought. I wonder how what proportion of the > population would know what it meant, unless it appeared in a book they > studied at school or a film/TV programme they saw last week.
It's a descriptive term so it shouldn't be all that hard to guess the meaning. In any case I think people would get it straight away if one showed them a video clip of someone requesting,receiving and then using a paper letter of introduction. That would make it easier to explain the digital equivalent. Pity D'Artagnan lost his. > > In normal usage one needs the answer to two questions: > > Can I send private messages to this person? Did this > > message/file come from the person in question? > > I would propose a third question: Was the message/file altered in > transit? In most cases this would have the opposite answer to the second question. It might make things simpler to combine them in practice: Is this an unaltered message/file from the purported sender? > > > > > It gets a bit more complicated when managing/signing > > keys but with a GUI one could just present statements > > about a key for the user to assent (or not to) without > > any need to classify the statement itself. > > > I (will not say whether|do not know whether|am quite > > confident that|am very confident that) this key belongs > > to <userid>. > > Why ask the certification level? What is this information used for? > Unless it actually has a real use, the user should not be asked to > spend time considering it, it should not be recorded, and certainly > should not be published. If somebody thinks they need this, and knows > why, they should be able to find it in an "expert" mode. You're right. If we're not issuing certs/letters of introduction then there is no need. If we are then for compatibility with the existing WoT I don't think we can avoid asking. > > The basic user (and in my opinion, most users) should just have one > question but need to answer it in respect of each UID, something > like:- > > "I accept this key for communication with <userid1>. Yes/No" > aka <userid2>. Yes/No" > aka <userid3>. Yes/No" Presumably if implementing with the existing gnupg infrastructure this would be a non-exportable generic certification? > > > > > Issue letter of introduction: Yes/no? > > I think this should also be in an "expert" mode, or at least absent > from a "basic" mode. I'd prefer to keep things like trust signatures and granting ultimate trust a little more fenced off than ordinary keysigning/letters of introduction so perhaps an intermediate mode. > > And I would prefer something more like "I hereby publicly state that > this key belongs to <userid>. Yes/No" With a Yes/No selector for each > of the UIDs on the key. Once you start doing things publicly one would need to pick a certification level in order to inter-operate with the existing WoT. It isn't clear to me that there is a good default. My original phrasing was intended to fit in with the letter of introduction metaphor. While in the long run I may have to kill my darlings for now I'll stick to trying to make my pet metaphor work. In that context I think leading off the whole thing with "To whom it may concern," might work better than a separate public declaration for each uid. > > Accept introductions made via this key: (No,In concert > > with X others,Yes). > > Another I think should possibly not be in the "basic" mode. Does an > absolute beginner really need to be able to nominate trusted > introducers? Another one for an intermediate mode I think. William -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJTZTv3AAoJEIs9pW5WIWm3C1sQAIKCxAgFZPGNHit4XEVRsY3E sHpTrXhat94XVH42PNSKGpsZ5QPOcBfsgQKBC1zLCKJwSV8a5qEy94Idd1zKVlv3 FTszxd8TEYToQXexTX5AFxQmuOTR5HKGlFKO2DZigK7BVtE2BtLATADroJ0JQs8A rK1MkGVlUaaVM2n0ZGY0V5zIE1q7xhMvkyzXQK757NdybA9VhXX8k1zIzLsnrpue OjzkyRV0RllyULqjuLNGkotACEarB8stlJubdPoxKBrhTF5Ajiv0lsA5b4gMX69S 60SiwP8EANpJvwmE/i6HdDZh9niQ2QqdaTbW5NrKn4aoxr4gRAnPZrfaynsJYhUy CCTtITAntg1yLkemx4NoCididqkYZx1MY/fnn3zslptXFQWAUtz8RKJl+zuCnkNT AFAQZxzVJig6Re3NSCnhVNqxPiDJLE146ZrNqdW/4mQvKN1+eZM4HllU1TeAnGAD AOnLLRK0+v58sdf4gy0WGAQl1xI3zk0B/7CCIQlXQLtk6Mg14qlj1AEka6IXAXCj 6M58ntipwCUZI4m1aYwhI+PRj7C7UxJ0IgWTR2Vo+bqpp93uhptcwsfbSRqfeNV9 P2gHj/I4xmrgq8A7y+kzsZSRUyv05uhFQhDURXqQrYc3wZbTyHEIOuvKrDqIM03E 9nEF0bvQ0McPnvbG9OwU =wYHb -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
