Re: [Enigmail] Key Management Owner Trust
On 19/09/2015 23:11, Robert J. Hansen wrote:
>> The more information that you add to the screens the less of it
>> the 'average user' will read. The famous "Click next - next -
>> ok" effect.
>
> Yes, I agree; this is why I'm suggesting reducing the presented
> information to whether a signature is present, and how much
> confidence Enigmail is placing in the signature. Everything
> beyond that would be hidden from the user -- easy to discover
> (click on the security notice), but not something the user had to
> pay attention to unless they specifically wished.

Another 2c from an average user -

In my opinion many (most?) people will only really need lsign - if that means, as it does to me, "I know this person". The full signing ("I have fully verified this person and his signature via official documents") by those who don't understand the implications of it is where the problem lies.

Personally, I'd make lsign the default. Anyone who understands enough to know he has a real need for the full signing can easily search menus to find the appropriate link. IOW, both need to be present, but lsign needs to be easiest found.

Or am I being too simplistic?

BTW, I do like the simplicity of the Details button.

Anne

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] No more "Untrusted Good Signature"s
On 20/09/2015 04:06, Robert J. Hansen wrote:
> (Forgive the HTML: this is one of the few times where I think it’s
> worthwhile. This email uses color to convey information.)

Sounds really good to me. First impression is clear and to the point. Additional information boxes on request give full explanation. I'm 100% in favour of this. It separates the everyday want-to-know from the "hell, I need to know more about that!".

Anne

Re: [Enigmail] No more "Untrusted Good Signature"s
I like your message

the terms I've been using -- for this same thing --- are

Public Key Encryption (PGP, GPG) provides more than just encryption: it provides

  * Authentication
  * Integrity
  * Security

Authentication allows the user to verify with good certainty that a message is in fact from the person who claims to have sent it. i.e. PGP/GPG can defeat attackers who are attempting to impersonate friends, associates, businesses, . this addresses "targeted phishing", man-in-the-middle, and similar attacks

Integrity allows the user to be reasonably certain that a message has not been altered either by error or by intent during transmission

Security (encryption) allows the user to be reasonably certain that the content of a message has not been disclosed to un-authorized parties during transmission

for interested parties this thread will step through the procedures needed to implement Public Key Encryption using GPG2, ENIGMAIL, and Thunderbird. similar processing can be established using Symantec/PGP and MSFT/Outlook.

one should note here that no security is possible if the end-point operating software has been compromised by un-authorized programming.

one of the critical key points that has been brought out several times in this discussion is -- that we need to select good terms -- and then stick to them . people will catch up and understand, -- given time.

one of the errors that has been made in IT over the years is to continuously try to find the perfect words to describe things . we just need good words and then let people catch up and learn what the implications are.

the debauch over fake filings of IRS forms 1040 is a perfect example of how badly the entire communication industry needs to "get with the program" here -- if I may avail myself of an old cliche

keep up the good work ! this is a vital topic .

On 09/19/2015 11:06 PM, Robert J. Hansen wrote:
> (Forgive the HTML: this is one of the few times where I think it’s worthwhile. This email uses color to convey information.)
>
> So, while relaxing with a good stogie, I started mulling over the UX problem of communicating information about encryption status, signatures, validity, and more. I got nowhere, which is when I decided to burn it all down and start from a clean sheet of paper.
>
> Enigmail and GnuPG exist to provide the CIA triad. No, not the intelligence agency — Confidentiality, Integrity, and Assurance. Those are the three metrics we need to communicate to the user. So let’s throw out all the language about “untrusted good signature” and start over from scratch: let’s communicate the triad.
>
> First things first: rename it, because only hardcore nerds understand what CIA means. (“What’s the difference between integrity and assurance?” is a really common question in undergraduate computer security courses. Even computer science majors who have an interest in this stuff, as evidenced by signing up to take a class in it, generally don’t understand it.) I’m going to rename the triad the PAI triad: Privacy, Authenticity, and Identity. Further, instead of giving incredibly detailed “valid signature but the certificate has not been validated” types of messages, let’s reduce it to binary choices. People like binary choices: they’re easy to understand.
>
> * Privacy is a binary state: yes the message was private (encrypted), or no it was not.
> * Authenticity is also a binary state: we are confident the message is authentic, or we are not.
> * Identity is also a binary state: we are confident it came from the specified person, or we are not.
>
> We can present this information to the user using just three letters in different colors—green for yes, black for no. Imagine, for instance, that we have an untrusted good signature on an unencrypted message. We would then put at the top of the email:
>
> Privacy Authenticity Identity
>
> Immediately, at a glance, the user can see that the message is not private, is authentic, but we don’t know who it came from.
>
> A good signature from a validated certificate, but no encryption, would get marked up as—

Re: [Enigmail] Key Management Owner Trust
On 20/09/2015 03:17, Phil Stracchino wrote:
> On 09/19/15 21:16, David wrote:
>> On 9/19/2015 7:31 PM, Robert J. Hansen wrote:
>>> With respect to your grandma-and-grandpa comment: we are
>>> not interested in aiming Enigmail at people who do not care
>>> about email privacy and have no interest in it. Why would
>>> we? We're not medieval priests preaching the Gospel to the
>>> heathens, infidels, unchurched and unconverted.
>>
>> I see. So instead of a utility that is simple enough for
>> potentially everyone to use for private emails you are looking
>> for a 'just for us really paranoid really smart geeks'
>> application.
>
> Did you really misunderstand the previous statement that badly, or
> are you deliberately trolling (again)?

Why is it that whenever someone puts a point of view that is definitively user-level he is accused of trolling? Robert's reply was insulting in the extreme. Like David, I wonder why I try to help by explaining the non-geek viewpoint. Like David, I'll shut up.

Anne

Re: [Enigmail] No more "Untrusted Good Signature"s
Hi,

On 20.09.15 05:06, Robert J. Hansen wrote:
> (Forgive the HTML: this is one of the few times where I think it’s
> worthwhile. This email uses color to convey information.)
>
> (...)
>
> … Bam. A simple UX that everyone sees, which conveys the most important
> information at-a-glance. If more detailed information is needed, we
> present it in human-friendly language and embed within the language
> links to help people do common tasks related to keys.
>
> Further, this UX is completely independent of the trust model used by
> GnuPG. If you want to use the Web of Trust, no problem. If you have
> --trust-model=always set, no problem. If you’re using TOFU, no problem.
>
> What do y’all think?

Wow, I like that very much! This goes into the same direction of the two buttons (sign/encrypt) in the compose window which got really good feedback. It's logical, consequent and simple. You get an overview on first glance. Don't know yet how to display these three items within the message header, in a graphical sense. I'll make a suggestion.

This UI change covers about 90% of daily use and Enigmail can implement it independently and instantly. But I think, we've still got to look into the wording of key details. One of the most misunderstood terms there is "ownertrust". Also - as already pointed out - "validity" is not clear. And: We "sign" messages, but until today we also "sign" a key/certificate, expressing that it belongs to the promised person. The double use of the term "signature" has led to quite frequent misunderstandings. We really should use "certify" for the latter. These new terms should also be used within GnuPG and other OpenPGP clients.

Ludwig

Re: [Enigmail] No more "Untrusted Good Signature"s
On 20.09.15 05:06, Robert J. Hansen wrote:
> (Forgive the HTML: this is one of the few times where I think it’s
> worthwhile. This email uses color to convey information.)
>
> So, while relaxing with a good stogie, I started mulling over the
> UX problem of communicating information about encryption status,
> signatures, validity, and more. I got nowhere, which is when I
> decided to burn it all down and start from a clean sheet of paper.
>
> Enigmail and GnuPG exist to provide the CIA triad. No, not the
> intelligence agency — Confidentiality, Integrity, and Assurance.
> Those are the three metrics we need to communicate to the user. So
> let’s throw out all the language about “untrusted good signature”
> and start over from scratch: let’s communicate the triad.
>
> First things first: rename it, because only hardcore nerds
> understand what CIA means. (“What’s the difference between
> integrity and assurance?” is a really common question in
> undergraduate computer security courses. Even computer science
> majors who have an interest in this stuff, as evidenced by signing
> up to take a class in it, generally don’t understand it.) I’m
> going to rename the triad the PAI triad: Privacy, Authenticity, and
> Identity. Further, instead of giving incredibly detailed “valid
> signature but the certificate has not been validated” types of
> messages, let’s reduce it to binary choices. People like binary
> choices: they’re easy to understand.
>
> * *Privacy* is a binary state: yes the message was private
>   (encrypted), or no it was not.
> * *Authenticity* is also a binary state: we are confident the
>   message is authentic, or we are not.
> * *Identity* is also a binary state: we are confident it came from
>   the specified person, or we are not.
>
> We can present this information to the user using just three
> letters in different colors—green for yes, black for no. Imagine,
> for instance, that we have an untrusted good signature on an
> unencrypted message. We would then put at the top of the email:
>
> Privacy Authenticity Identity
>
> Immediately, at a glance, the user can see that the message is not
> private, is authentic, but we don’t know who it came from.
>
> A good signature from a validated certificate, but no encryption,
> would get marked up as—
>
> Privacy Authenticity Identity
>
> An encrypted message without a signature would get—
>
> Privacy Authenticity Identity
>
> An encrypted and signed message from an unknown certificate—
>
> Privacy Authenticity Identity
>
> And finally, an encrypted and signed message from a validated
> certificate—
>
> Privacy Authenticity Identity
>
> Immediately, right at-a-glance, users get the information that’s of
> most use to them: is this message private? Is it authentic? Did
> it really come from the person I think it did? If the user wants
> to know details about why a particular message was graded in a
> particular way, they’d double-click on the header and get a
> detailed breakdown of what factors went into each decision. For
> instance, Enigmail might display a new window that contained
> something like:
>
> * *Privacy.* This email was encrypted with your RSA key.
>   _Click here_ to open this key in the Key Management window.
>   Camellia-256 was used for symmetric encryption.
> * *Authenticity.* This email was signed; however, the signature
>   did not check out. The message, the signature, or both, were
>   altered in transit. This is not necessarily a sign of hostile
>   action. Sometimes messages get garbled in the process of
>   transmitting from one system to the next.
> * *Identity.* This email claims to be from Robert J. Hansen with
>   key ID 0xDEADBEEFDEADBEEF. However, we do not know the signing key
>   really belongs to this person. If you’re certain the signing key
>   belongs to this person, _click here_ and Enigmail will remember
>   it for the future.
>
> … Bam. A simple UX that everyone sees, which conveys the most
> important information at-a-glance. If more detailed information is
> needed, we present it in human-friendly language and embed within
> the language links to help people do common tasks related to keys.
>
> Further, this UX is completely independent of the trust model used
> by GnuPG. If you want to use the Web of Trust, no problem. If you
> have --trust-model=always set, no problem. If you’re using TOFU,
> no problem.
>
> What do y’all think?

I like this proposal very much. I can well imagine that we display 3 icons and if you click on any of them, you'll get the detailed information. But I'd suggest also to add the UID of the sender in the message reader pane if the signature can be verified.

-Patrick

Re: [Enigmail] No more "Untrusted Good Signature"s
> if you want a third light it could be for the trust level established
> for the senders key:

I'm giving a big 'no' to this. White, red, yellow, green, blue? We've just reintroduced "untrusted good signature". We can expect people to understand a binary state, maybe a trinary state -- but a pentastate is just a bad idea.

Re: [Enigmail] Key Management Owner Trust
> That said, it's necessary to keep in mind what Enigmail's target
> audience is, and that is people who want a simple, usable tool to
> encrypt or authenticate their email.

I think it should also be said:

Enigmail is not an advocacy organization. We don't push anyone to encrypt their email. We don't travel around the country giving speeches about the importance of email encryption.

There are groups that do this: the Electronic Frontier Foundation, the Free Software Foundation, the Electronic Privacy Information Center, the Stanford Cybersecurity Center, and more. These groups do excellent work. We're happy they exist. They've got the media contacts, they know how to reach out and evangelize... they do great work for the cause of email privacy.

But what all of these groups have in common is: they're lousy at building tools. We're pretty good at building tools, but our rolodex is pretty thin. So we're happy to let these groups evangelize, and we're going to build a great tool for the newly-converted. But we're not interested in doing evangelization ourselves: that's not what we do. Sure, we'll speak at conferences and talk to journalists -- but that's about talking to interested parties, not trying to persuade the uninterested.

So when I say we're not interested in converting grandma and grandpa, who currently don't care about email crypto? Absolutely true. We're not. But we wish the EFF, the FSF, EPIC, SCC, and other groups all the luck in the world in convincing grandma and grandpa to start caring.

When they do, we'll be here for them. :)

Re: [Enigmail] No more "Untrusted Good Signature"s
very good question

to my thinking: if the message is not signed then we do not show any ENIGMAIL information, i.e. ENIGMAIL status information is not presented.

if the message is signed then I'm concerned with, first of all did the signature verify, and secondly -- was the signature made by someone I know? the white or the green depends on whether or not I have previously authenticated ("vetted") the sender's key.

after that I might want to check the trust level I have assigned to that user; perhaps that should be a click-up dialog

( Robert did not like my multi color stack,... and -- that's OK: we are brain-storming here: all ideas need to get onto the table and get discussed so that we can work out what we think will be the best language and display format . I love contributing -- and I don't mind getting stomped on )

On 09/20/2015 01:00 PM, Phil Stracchino wrote:
> On 09/20/15 08:00, Mike Acker wrote:
>> I'm not sure you need 3 greens though,-- a message for which the signature verifies becomes "authenticated",-- i.e. we are assured the message is from the person we think it is from --
>>
>> the key is when the signature authenticates you, perforce, have also verified integrity ( the accuracy of the document content )
>>
>> the option of course is PRIVACY, aka encryption
>>
>> I think two greens are enough, then:
>
> With no integrity indicator, how do you distinguish between an unsigned message, and one which has been signed but the content of the message has been altered post-signature?

--
/Mike

Re: [Enigmail] No more "Untrusted Good Signature"s
On 09/20/15 08:00, Mike Acker wrote:
> I'm not sure you need 3 greens though,-- a message for which the
> signature verifies becomes "authenticated",-- i.e. we are assured the
> message is from the person we think it is from --
>
> the key is when the signature authenticates you, perforce, have also
> verified integrity ( the accuracy of the document content )
>
> the option of course is PRIVACY, aka encryption
>
> I think two greens are enough, then:

With no integrity indicator, how do you distinguish between an unsigned message, and one which has been signed but the content of the message has been altered post-signature?

--
Phil Stracchino
Babylon Communications
ph...@caerllewys.net
p...@co.ordinate.org
Landline: 603.293.8485

Re: [Enigmail] No more "Untrusted Good Signature"s
On 09/20/15 14:01, Robert J. Hansen wrote:
> The arguments in favor of trinary:
>
> * Many users are going to want three states even though, IMO, the third
> state is useless.
>
> A bad signature on an email message, contrary to popular belief in the
> community, doesn't mean the message was tampered with. 99% of the time
> it's evidence the *signature* was tampered with. PGP/MIME is infamous
> here: MUAs play hob with attachments and repackage the signature up in
> weird ways. So a bad signature, by itself, doesn't tell you anything
> about whether the message has been changed. All that a bad signature
> tells you is the sender thought the message was important enough to add
> an authenticity/identity measure, but authenticity/identity cannot be
> assured. And if we're saying "authenticity/identity cannot be assured",
> then really, that's no different from no signature at all -- so it
> should use the same black text as no signature at all.

Actually, I dispute this. There is an important functional, not just human, distinction between 'Sender made no attempt to provide authentication on this message' and 'Sender attempted to provide authentication on this message, *but something went wrong*'. In the latter case, if it is an important communication, you may wish to contact the sender by other means to verify authenticity. In the former case, there is no reason to do so.

It could be crucial to know which case is in effect, but we can't expect users to look at the authenticity details on every message to find out whether there was *no* signature or a *failed* (for whatever reason) signature. So we need the interface to let them distinguish at a glance between no signature and failed signature. It is then up to the user to decide whether or not they need to investigate a failed signature further.

> So... yeah. My inner crypto nerd says the binary choice is a more
> accurate representation of reality. My inner UX geek says the trinary
> choice is what users will want and feel more comfortable with. The nerd
> and the geek are fighting for control of my soul. :)

In this case, I think the crypto nerd has overlooked an important aspect. :) A failed or invalid signature is *cryptographically* equivalent to no signature; but it is not *functionally* equivalent. Because a failed or invalid signature means that the sender *tried* to authenticate the message, implying that it may have been important to do so.

--
Phil Stracchino

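The three-state distinction argued in the message above (no signature, failed signature, good signature), combined with the Privacy / Authenticity / Identity header proposed earlier in the thread, as an added example that is not part of any poster's message and is not Enigmail code. It assumes the input is GnuPG's `--status-fd` output; the function names, the choice to show expired or revoked cases as "failed", and the sample status lines are assumptions made for illustration.

```javascript
// Added example (not Enigmail code): grade a message on the Privacy /
// Authenticity / Identity triad from GnuPG status-fd records.

const STATUS_PREFIX = "[GNUPG:] ";
const SIG_GOOD = new Set(["GOODSIG"]);
// Assumption: expired-signature, expired-key and revoked-key results are
// shown as "failed" so the reader is prompted to look at the details.
const SIG_FAILED = new Set(["BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"]);
// Assumption: only full or ultimate key validity counts as a confirmed
// identity; TRUST_MARGINAL, TRUST_UNDEFINED and TRUST_NEVER do not.
const KEY_VALIDATED = new Set(["TRUST_FULLY", "TRUST_ULTIMATE"]);

// Split status output into {keyword, args} records. Lines that do not start
// with the status prefix (for example message text) are ignored.
function parseStatus(statusText) {
  const records = [];
  for (const raw of statusText.split(/\r?\n/)) {
    if (!raw.startsWith(STATUS_PREFIX)) continue;
    const rest = raw.slice(STATUS_PREFIX.length).trim();
    if (rest === "") continue;
    const [keyword, ...args] = rest.split(/\s+/);
    records.push({ keyword, args });
  }
  return records;
}

function gradeMessage(statusText) {
  const records = parseStatus(statusText);
  const seen = new Set(records.map((r) => r.keyword));
  const anyGood = records.some((r) => SIG_GOOD.has(r.keyword));
  const anyFailed = records.some((r) => SIG_FAILED.has(r.keyword));

  // Three states: the sender did not sign, the sender signed and it did not
  // verify, or the signature verified. A failure wins over a good result.
  let authenticity = "none";
  if (anyFailed) authenticity = "failed";
  else if (anyGood) authenticity = "good";

  const validated = [...KEY_VALIDATED].some((k) => seen.has(k));
  const goodRec = records.find((r) => r.keyword === "GOODSIG");
  return {
    privacy: seen.has("DECRYPTION_OKAY"),
    authenticity,
    // Identity is only asserted for a verified signature from a validated key.
    identity: authenticity === "good" && validated,
    // The signer's user ID is only surfaced when the signature verified.
    signer: authenticity === "good" && goodRec ? goodRec.args.slice(1).join(" ") : null,
  };
}

// One-line header text; a real UI would use colours or icons instead.
function renderHeader(grade) {
  const yesNo = (b) => (b ? "yes" : "no");
  return `Privacy: ${yesNo(grade.privacy)} | Authenticity: ${grade.authenticity} | Identity: ${yesNo(grade.identity)}`;
}

// Constructed sample status output (key ID and user ID are placeholders).
const SIGNER = "DEADBEEFDEADBEEF Alice Example <alice@example.org>";
const SAMPLES = {
  unsigned: "",
  untrustedGood: `[GNUPG:] GOODSIG ${SIGNER}\n[GNUPG:] TRUST_UNDEFINED`,
  validatedEncrypted:
    `[GNUPG:] DECRYPTION_OKAY\n[GNUPG:] GOODSIG ${SIGNER}\n[GNUPG:] TRUST_FULLY`,
  failedSig: `[GNUPG:] BADSIG ${SIGNER}`,
  conflicting: `[GNUPG:] GOODSIG ${SIGNER}\n[GNUPG:] BADSIG ${SIGNER}\n[GNUPG:] TRUST_FULLY`,
};

for (const [name, status] of Object.entries(SAMPLES)) {
  console.log(name.padEnd(20), renderHeader(gradeMessage(status)));
}
```

The "untrusted good signature" case from the thread's subject line comes out as Authenticity good, Identity no, while a failed signature stays distinguishable from an unsigned message.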
Re: [Enigmail] Key Management Owner Trust
On 09/20/15 14:05, Anne Wilson wrote:
> It's a sad fact that a huge proportion of computer users are woefully
> ignorant of security - we'd not be plagued by so many viruses,
> trojans, keystroke-recorders and the like if this were not so.

Very true. I have encountered problems of this type frequently in a professional capacity. (And also its counterpart, users who throw up all kinds of obfuscation and security-through-obscurity measures that accomplish nothing except to make them *think* that they must now be secure, while making it difficult to maintain their infrastructure and therefore often actually making them *less* secure because security patching doesn't get done.)

> Don't
> be put off, either, by the grandma and grandpa image - just for the
> record, I'm 75 and a great-grandma. That's by the way, though. I was
> once asked to do a "using the internet safely" talk to a group of
> women, almost all retired or soon to be retired people from
> responsible jobs who had used computers in their work for years. It
> was a shock to all of us, me as the leader of the group, and them as
> the listeners. They were stunned by the number of things I pointed
> out to them (with screenshots showing where to look) of which they had
> been completely unaware.

More power to you! My hat is off to you. :)

--
Phil Stracchino

Re: [Enigmail] No more "Untrusted Good Signature"s
if you want a third light it could be for the trust level established for the sender's key:

not signature: pgp wasn't used
unknown: message is signed but we have no information about the signer
untrusted: message is signed by a person we recognize but we are not sure if he or she is trustworthy
marginal: marginal trust -- ( I don't like this one )
trusted: full trust -- we are willing to accept authentication and trust level information from this source
ultimate: show for messages signed by local user usually in the SENT box

> On 09/20/2015 06:51 AM, Patrick Brunschwig wrote:
>> On 20.09.15 05:06, Robert J. Hansen wrote:
>> > (Forgive the HTML: this is one of the few times where I think it’s
>> > worthwhile. This email uses color to convey information.)
>>
>> > So, while relaxing with a good stogie, I started mulling over the
>> > UX problem of communicating information about encryption status,
>> > signatures, validity, and more. I got nowhere, which is when I
>> > decided to burn it all down and start from a clean sheet of paper.
> { snip }
>
> --
> /Mike

--
/Mike

Re: [Enigmail] Key Management Owner Trust
Please, folks.

I appreciate that discussion very much. Each single statement. Those of crypto pros, enthusiasts, plain users and noobs. Because the product will be used by all of them.

So: stay polite!

Re: [Enigmail] Key Management Owner Trust
On 09/20/15 07:05, Anne Wilson wrote:
> On 20/09/2015 03:17, Phil Stracchino wrote:
>> On 09/19/15 21:16, David wrote:
>>> On 9/19/2015 7:31 PM, Robert J. Hansen wrote:
>>>> With respect to your grandma-and-grandpa comment: we are
>>>> not interested in aiming Enigmail at people who do not care
>>>> about email privacy and have no interest in it. Why would
>>>> we? We're not medieval priests preaching the Gospel to the
>>>> heathens, infidels, unchurched and unconverted.
>>>
>>> I see. So instead of a utility that is simple enough for
>>> potentially everyone to use for private emails you are looking
>>> for a 'just for us really paranoid really smart geeks'
>>> application.
>>
>> Did you really misunderstand the previous statement that badly, or
>> are you deliberately trolling (again)?
>
> Why is it that whenever someone puts a point of view that is
> definitively user-level he is accused of trolling? Robert's reply was
> insulting in the extreme. Like David, I wonder why I try to help by
> explaining the non-geek viewpoint.

Anne,

It's not a question of geek vs. non-geek viewpoint. If the "non-geek" viewpoint didn't matter, we wouldn't be having this whole terminology and user interface discussion right now. That's the whole point of the discussion: to try to devise ways to make Enigmail and its use clearer and simpler to the non-technically-inclined.

That said, it's necessary to keep in mind what Enigmail's target audience is, and that is people who want a simple, usable tool to encrypt or authenticate their email. But a crucial part of that is the word *want*. No matter what we do to improve or clarify Enigmail's interface, we're never going to get people to use it who don't *want* to encrypt or authenticate their email in the first place.

I may be able to build the world's finest and simplest-to-use artificially-intelligent six-axis CNC milling machine, capable of making things you never even knew you wanted made, but I'm never going to sell you one if you *don't want* a milling machine.

And so it is with Enigmail. To try to aim Enigmail at meeting the wants and needs of people who have no interest in email cryptography and don't want to be bothered with it is an effort that is doomed to fail. We can never make Enigmail meet what they want from it, because what they want from it is *not to have to use it*. If we do not start out by recognizing that fact, then we are doomed to fail, because we are aiming at the wrong target.

You have declared yourself to be non-technical, a "non-geek". But you are here. You're participating in the discussion. You're trying to present your viewpoint. And your viewpoint is exactly what we want, because *you are the target audience*. Because you *want* what Enigmail can do for you, done for you. If you didn't, you wouldn't be here.

But our hypothetical grandma and grandpa who have no interest in any of this new-fangled encryption stuff are not part of the target audience. *Not* because they are non-technical. *Not* because Enigmail does not do simply enough the things that it can do for them. But because *they don't want those things done* in the first place.

No matter how hard you work at it, you cannot build the perfect lawnmower for somebody whose principal desire about lawnmowers is to *not own a lawnmower*. Because the only perfect lawnmower for somebody who wants to not own a lawnmower, is no lawnmower.

Does this help clarify Robert's point?

--
Phil Stracchino

Re: [Enigmail] No more "Untrusted Good Signature"s
I'm not sure you need 3 greens though,-- a message for which the signature verifies becomes "authenticated",-- i.e. we are assured the message is from the person we think it is from --

the key is when the signature authenticates you, perforce, have also verified integrity ( the accuracy of the document content )

the option of course is PRIVACY, aka encryption

I think two greens are enough, then:

On 09/20/2015 06:51 AM, Patrick Brunschwig wrote:
> On 20.09.15 05:06, Robert J. Hansen wrote:
> > (Forgive the HTML: this is one of the few times where I think it’s
> > worthwhile. This email uses color to convey information.)
>
> > So, while relaxing with a good stogie, I started mulling over the
> > UX problem of communicating information about encryption status,
> > signatures, validity, and more. I got nowhere, which is when I
> > decided to burn it all down and start from a clean sheet of paper.

{ snip }

--
/Mike

Re: [Enigmail] No more "Untrusted Good Signature"s
a few more words about "marginal" trust

I would assign marginal trust to (e.g.) x.509 certificates which are signed by "certificate authorities". these are passed out like fliers at the fair, creating a huge attack surface. each of us needs only a few of these, one for the credit union, one for (e.g.) Amazon -- just those sites that we do commercial business with. Marginal trust might be OK to browse a news site but that's another topic.

getting from marginal trust to full trust requires a SECOND VERIFICATION. In my view this service should be available at local credit unions, perhaps the DMV office -- places that already need to vet and authenticate identification records.

we need to extend this to the individual as well, while we're at it -- ENIGMAIL should be able to export a public key onto a USB Thumb drive that the user can take to the Credit Union or DMV -- to get it countersigned -- and uploaded to the key server.

this is needed to proceed with PGP security for things like IRS Forms 1040 filings ... a PGP signature is rather more secure than simply knowing the AGI on line 22 from last year's form -- which is a total kindergarten effort at security.

On 09/20/2015 08:38 AM, Mike Acker wrote:
> if you want a third light it could be for the trust level established for the sender's key:
>
> no signature: pgp wasn't used
> unknown: message is signed but we have no information about the signer
> untrusted: message is signed by a person we recognize but we are not sure if he or she is trustworthy
> marginal: marginal trust -- ( I don't like this one )
> trusted: full trust -- we are willing to accept authentication and trust level information from this source
> ultimate: show for messages signed by local user, usually in the SENT box
>
> On 09/20/2015 06:51 AM, Patrick Brunschwig wrote:
>> On 20.09.15 05:06, Robert J. Hansen wrote:
>> > (Forgive the HTML: this is one of the few times where I think it’s
>> > worthwhile. This email uses color to convey information.)
>> >
>> > So, while relaxing with a good stogie, I started mulling over the
>> > UX problem of communicating information about encryption status,
>> > signatures, validity, and more. I got nowhere, which is when I
>> > decided to burn it all down and start from a clean sheet of paper.
>
> { snip }
>
> --
> /Mike

--
/Mike
Re: [Enigmail] No more "Untrusted Good Signature"s
On 20/09/15 05:06, Robert J. Hansen wrote:
> First things first: rename it, because only hardcore nerds understand what CIA
> means. (“What’s the difference between integrity and assurance?” is a really
> common question in undergraduate computer security courses. Even computer
> science majors who have an interest in this stuff, as evidenced by signing up to
> take a class in it, generally don’t understand it.) I’m going to rename the
> triad the PAI triad: Privacy, Authenticity, and Identity. Further, instead of
> giving incredibly detailed “valid signature but the certificate has not been
> validated” types of messages, let’s reduce it to binary choices. People like
> binary choices: they’re easy to understand.
>
> * *Privacy* is a binary state: yes the message was private (encrypted), or no
>   it was not.
> * *Authenticity* is also a binary state: we are confident the message is
>   authentic, or we are not.
> * *Identity* is also a binary state: we are confident it came from the
>   specified person, or we are not.
>
> We can present this information to the user using just three letters in
> different colors—green for yes, black for no. Imagine, for instance, that we
> have an untrusted good signature on an unencrypted message. We would then put
> at the top of the email:
>
> Privacy Authenticity Identity

Clear thinking and well presented. I like this idea.

Philip
Re: [Enigmail] No more "Untrusted Good Signature"s
On 09/19/15 23:06, Robert J. Hansen wrote:
> (Forgive the HTML: this is one of the few times where I think it’s
> worthwhile. This email uses color to convey information.)
>
> So, while relaxing with a good stogie, I started mulling over the UX
> problem of communicating information about encryption status,
> signatures, validity, and more. I got nowhere, which is when I decided
> to burn it all down and start from a clean sheet of paper.

And very successfully. Sometimes the clean sheet of paper is exactly what's needed.

I like this suggestion a lot. It is simple, unambiguous, and readable at a glance. Any further information wanted by more technically sophisticated users can be obtained by clicking the item of interest to see more details.

I would suggest one slight extension to the scheme: The indicators should be tri-state, not binary. Add a red error state as well as a green 'OK' state and the black 'not present' state.

A message which is signed, but by a key that does not match the declared sender, or by a revoked key, would display red Identity. A message which has been signed but the signature does not match the content (i.e., the content has been altered post-signature) would display red for Authenticity.

A Privacy red-flag is a little harder to quantify. About the only case I can think of is if a message is encrypted, but with a key that has been revoked or does not match the claimed sender. But this should probably be considered an Authenticity failure.

Should a message that is encrypted but unsigned be considered an Authenticity failure - or at least an authenticity warning?

--
Phil Stracchino
Babylon Communications
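The tri-state scheme proposed in the message above, sketched over GnuPG's machine-readable status lines (`gpg --status-fd`), as an added example that is not part of the thread and not Enigmail's code. The function names and sample lines are constructed; treating only full or ultimate key validity as green Identity, and leaving an encrypted but unsigned message at black Authenticity, are assumptions the thread does not settle.

```python
import re

GREEN, BLACK, RED = "green", "black", "red"
PREFIX = "[GNUPG:] "

# Constructed status output; the key ID and addresses are made up.
UNTRUSTED_GOOD = (
    "[GNUPG:] GOODSIG 0123456789ABCDEF Alice <alice@example.org>\n"
    "[GNUPG:] TRUST_UNDEFINED 0 pgp\n"
)
TAMPERED = "[GNUPG:] BADSIG 0123456789ABCDEF Alice <alice@example.org>\n"
REVOKED_ENCRYPTED = (
    "[GNUPG:] DECRYPTION_OKAY\n"
    "[GNUPG:] REVKEYSIG 0123456789ABCDEF Alice <alice@example.org>\n"
)


def signer_address(user_id):
    """Return the lower-cased address in the trailing <...> of a user ID."""
    match = re.search(r"<([^<>\s]+)>\s*$", user_id)
    return match.group(1).lower() if match else None


def indicators(status_text, claimed_sender):
    """Return (privacy, authenticity, identity) colours for one message."""
    privacy = authenticity = identity = BLACK
    signed = trusted = False
    signer = None
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue
        keyword, _, rest = line[len(PREFIX):].partition(" ")
        if keyword == "DECRYPTION_OKAY":
            privacy = GREEN
        elif keyword == "BADSIG":  # content altered after signing
            authenticity = RED
        elif keyword in ("GOODSIG", "REVKEYSIG"):
            signed = True
            signer = signer_address(rest.partition(" ")[2])
            if authenticity != RED:
                authenticity = GREEN
            if keyword == "REVKEYSIG":  # signature verifies, key is revoked
                identity = RED
        elif keyword in ("TRUST_FULLY", "TRUST_ULTIMATE"):
            trusted = True
    if signed and identity != RED:
        if signer != claimed_sender.strip().lower():
            identity = RED  # signing key does not match declared sender
        elif trusted:
            identity = GREEN  # assumption: full/ultimate validity = confident
    return privacy, authenticity, identity
```

The "untrusted good signature" case from the start of the thread comes out as black Privacy, green Authenticity, black Identity; the same status lines with a different declared sender turn Identity red.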