It's great to see S/MIME going into Mozilla. Finally I'll be able to use
Mozilla for both mail and web!
It would be nice for "virality" if users who receive signed email got a
gentle introduction to email security. The way the receiving mail client
handles an incoming signed email has a VERY big impact on the response
of the user. We want the response to be "Great! How do *I* start to sign
my email too?".
We want people who use Mozilla/NS and who receive a signed email to (a)
understand some fairly complex ideas, (b) want to embrace that for
themselves, (c) have a fairly good clue how to do that. That's going to
require more than a padlock!
I send signed email most of the time, and have experienced all the usual
reactions... from "I can't open that attachment (smime.p7s)" to "Outlook
told me not to read your email". The way a person's email client
displays the security-related information when he receives a signed
email has a LOT to do with how that person feels about the technology.
Now, unfortunately, because these ideas ARE complex, there's simply no
way to convey all this information using a lock, or a pen, no matter how
well drawn or well placed they are. That's fine for users comfortable
with the technology, but not for new users. We need a way to convey much
more information for new users, and then to shift to a cleaner or more
subtle (but hence less screen real-estate intensive) view for more
experienced users.
I sort of like the Outlook way. <duck>. I did say "sort of". The first
time you receive a signed or encrypted email, the message doesn't
display in the message pane. What shows is a page explaining some S/MIME
security concepts, and a button which the user can click to view the
actual message. There's a checkbox to turn off this feature once the
user understands WTF is going on. Unfortunately, many people get a big
fright when they see the security message but not the email, and never
actually click on the button. They pick up the phone and accuse the
sender of messing with their computer security. Seriously.
Here are some UI ideas that I hope the team will consider:
(1) A "Security Info Pane" in the Message Contents window
The problem with the Outlook experience is that the message is
completely obscured by the security information. Users take fright at
the security info and never see the message. But perhaps, instead of
taking up the entire message contents pane with the security message, a
slice of the pane could be taken up with some explanatory text, BIG
icons, and a mechanism to prevent the pane from showing for
smarter/sophisticated users. So when I receive signed / encrypted email,
I see the contents of the message AND a substantial explanation of this
new experience, with links that invite me to find out more about this.
The "security info pane" can be turned off simply by checking a checkbox
on it. The info pane could be quite large, because it is only there for
new users and will be turned off as soon as they get the hint.
This gives the "nice introduction with lots of information" but also
allows for "minimalist use of screen real estate for sophisticated users".
I have tried to attach a mockup (apologies to dialup users) which shows
the message security pane. I think it could be even bigger, conveying
lots of information, because the idea is to draw the new user into the
security paradigm to get them to embrace it. ESPECIALLY if we get
no-cost bootstrap capability (like PGP or free S/MIME certs) and because
it can be easily and obviously turned off.
The important thing is that the security info pane AND the message
contents be visible to the user.
Things that could be on the security info pane:
- the fact that the message was signed / encrypted /
signed and encrypted
- big glossy versions of the normal icons (padlock etc)
that appear elsewhere in the UI to "introduce and
explain" them. The smart user will make the connection
between these big icons, the security info pane, and the
small icons that are always visible after the security
info pane has been turned off
- links to more information about message security,
certificates, CA's, best practices, corporate deployment,
PGP vs S/MIME (once PGP is in too ;-) etc.
- a link to the users security preferences in the
preferences UI
- the contents of the certificate used to sign the message
(or a summary/abstract of those contents)
- nice polished background image denoting security / safety
- "X" to close the pane and not show it again ( or perhaps
a checkbox for "Always show this pane")
Hmm... now that I think about it, why not do the same in the browser
window when viewing an SSL-encryped page? As long as the pane can be
turned off easily? Most new users miss the darn padlock and don't learn
to look for it... or understand it.
(2) Sign/encrypt button on message composer toolbar
For discoverability, these should be right there whenever a message is
composed. I agree with Bob that Communicator does an excellent job of
hiding this functionality. Mozilla should shout it from the rooftops ;-)
When a user who does not have a cert tries to sign mail, they can be
shown another nice, gentle introduction to message security, including
where to go to get started themselves... point them at places that give
free certs so there are no obstacles to widespread adoption.
(3) Text Clues
Instead of a pen, perhaps a "Signed" stamp could be used? Or the words
"Digitally Signed" and "Digitally Encrypted" could be put alongside the
icons? I think it is very, very hard to convey the concept of digital
signature to the user using a single icon... I don't think the pen alone
is symbolic enough... perhaps something that suggests "registered mail"
or "certified mail" or "tamperproof mail" would be better... but I'm no
graphic designer.
Cheers!
PS - I don't own a stake in any CA any longer ;-)
