> > A 2: I think we can not use this version, because of the dual key > requirement, therefore A 1 looks as the one to go with. > > If we had more space, I could imagine a third version. Similar to > version 1, but with a checkbox. That checkbox could say "use same > certificate for both encryption and signing". When checked, it would > disable the widgets for configuring the second certificate. By default, > that option were be checked.
That's not true. We *should* have one box for this. We may allow some deep in the bowels of some advanced menu, the ability to select two unrelated certificates for signing/encryption, but for normal operation users should not have to worry about the fact that one cert is encryption and one cert is signing. If your goal is to deploy this to the general populas then we should manage the difference between signing and encryption. For the home user, he should just tell us which 'personality' he wishes to use and let the code manage it. bob
