Frederick Roeber wrote:
>...
> Ben wrote:
> >
> > An alternate (non-exclusive) approach would be to have some kind of
> > "key servers", similar to the PGP ones. We could use the LDAP server
>...
> > Problem: What should be done, when no cert can be found? Should the
> > user send unencrpted then? SaveAsDraft, ask recipient for cert
> > manually, then resend?
>...
> > But a dialog has to be answered immediately.
>
> I agree that popups are intrusive. I like the question mark on the
> icon.
`All occurrences of question icon should be removed'
<http://bugzilla.mozilla.org/show_bug.cgi?id=59820>.
> What's the current thinking on popups with "don't show this
> again" buttons? If they're still okay,
I don't think they've ever been generally not-okay. :-) However, you
need to keep in mind three basic rules when using them.
1. You should use wording of the style `[/] Alert me whenever
{situation}', rather than `[ ] Don't show again'. Checkboxes are for
turning things on, not turning things off. And inclusion of wording
describing the situation not only provides unobtrusive help for the
alert, it also helps the user understand exactly how much alertage
would be turned off if she unchecked the checkbox.
2. You should include, somewhere in the Preferences, the ability to
turn the alert back on once it has been turned off. (If you follow
rule (1) above, you can use the same wording for the prefs checkbox
as you use for the alert checkbox.)
3. Beware of the checkbox fallacy -- including such a checkbox only
because a particular alert is annoying. If it's annoying, rather
than adding a checkbox, you should redesign the UI so that the alert
isn't needed in the first place. Alert-whenever checkboxes are only
useful if only *some* people find the alert useful *all* of the
time, not if *all* people find the alert useful only *some* of the
time.
> we could have one of those
> saying to click on the question mark.
To click on the icon itself in the alert? What for? I've never seen any
alert which does that.
> And certainly the form under
> the question mark should have a "defer" option, specifically for
> out-of-band verification.
>...
I'm not sure exactly what you're putting up this particular alert for.
If it's when you're about to send a message, but you lack a key for one
or more of the recipients:
No problem. We put up alerts for other reasons when about to send a
message: the message has no subject line, one or more of the
recipients does not have a valid e-mail address, the user is
cross-posting to too many newsgroups, etc. We can put up an alert
asking for the key, and include the option to send a request for the
key and leave the message in the Outbox until the key arrives.
(Problems which I'd rather not think about until someone is ready to
implement this: What if the key still hasn't arrived, days
afterward? What if only one of 20 recipients is missing a key?)
If it's when someone else asks for your key:
This is a bit more tricky. The ideal implementation would be to have
a separate executable dedicated to listening for such requests --
probably the same executable which is used for checking for new
mail. This can be left running on the user's system all the time,
even when Mozilla is not.
When it gets a request for your certificate, it attracts attention
to itself without annoyingly taking focus -- using the GetAttention
method in XP Toolkit. On giving it focus, you are presented with an
alert asking for permission to send a key to a particular person.
Perhaps there could be settings for this applet to automatically
send a key to anyone who asks, but not to send more than {x} keys
per hour so as to avoid being DoSed, etc.
--
Matthew `mpt' Thomas, Mozilla UI Design component default assignee thing
<http://mozilla.org/>
