On Thu, Feb 13, 2014 at 6:50 AM, Daniel Kahn Gillmor <[email protected]> wrote: ... > I'm actually concerned that none of this is > relevant without a major UI overhaul that requires user transcription > (or at least copy/paste from some other source) instead of user > comparison. Transcription requires active participation *in order to > get to the activity that they want to do*, instead of just "click yes to > confirm", or any sort of after-the-fact steps (which will probably never > get taken). ... > I like the idea of trying to run such a study. I'm also interested in > studies that compare specific interaction modes against one another, > though. A tool that says "you can't send person X an encrypted e-mail > until you have typed or pasted or QR-scanned their fingerprint" (which > is remembered by your mail user agent thereafter for future sessions) is > radically different than one that says "is this fingerprint correct for > this person?" > > Is it possible that a good, usable tool could avoid ever showing > fingerprints (or parts of fingerprints) of unverified keys, to ensure > that the user has to actively confirm them from some external source?
I read this as two different proposals: (A) Users aren't able to communicate unless they enter each other's public-key fingerprint. That wouldn't work for a general communication tool, as the high entropy of fingerprints makes them awkward to handle, and the extra security of a manual fingerprint check isn't needed for many conversations. A tool that required this would be rejected by most users. (B) If the user chooses to check a fingerprint, the tool presents an "entry" UI instead of a "display" UI. I think I can compare strings faster than I can transcribe them (particularly on a phone or tablet), so a tool that forced me to enter it would be annoying, IMO. Trevor _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
