Re: [Gajim-devel] Crypto authentication UI

2008-06-13 Thread Yann Leboulanger 
Brendan Taylor wrote:
> My suggestion: If you're in an encrypted chat but you haven't verified
> the identity, overlay a big red question mark on the encryption lock
> icon in the ChatControl and put a tooltip on it explaining the problem.
> Clicking on the question mark pops up a verification dialog (specific to
> whatever end-to-end encryption protocol you're using).
> 
> Good idea? Does it make the potential problem obvious enough to the user?
> Is there a better symbol/place to put the symbol/place to put the button
> for the dialog?

I like the idea: not too intrusive for ppl who don't really care, and
clear enough with the question mark that it's not really secured.

> How does the OpenPGP code handle an unknown key?

In gajim we now don't really care, it's handled by GnuPG itself: if key
is not signed, GnuPG refuses to encrypt, and an error message is shown
in chat conversation textview.
-- 
Yann
___
Gajim-devel mailing list
Gajim-devel@gajim.org
https://lists.gajim.org/cgi-bin/listinfo/gajim-devel

Re: [Gajim-devel] Crypto authentication UI

2008-06-13 Thread Jonathan Schleifer 
Brendan Taylor <[EMAIL PROTECTED]> wrote:

> My suggestion: If you're in an encrypted chat but you haven't verified
> the identity, overlay a big red question mark on the encryption lock
> icon in the ChatControl and put a tooltip on it explaining the
> problem. Clicking on the question mark pops up a verification dialog
> (specific to whatever end-to-end encryption protocol you're using).

I like this and it's similar to what I wanted to look OTR like when it's
finished.

-- 
Jonathan


signature.asc
Description: PGP signature
___
Gajim-devel mailing list
Gajim-devel@gajim.org
https://lists.gajim.org/cgi-bin/listinfo/gajim-devel

[Gajim-devel] Crypto authentication UI

2008-06-12 Thread Brendan Taylor 
We've got two different end-to-end encryption methods and at least one
more on the way (not to mention XTLS, which looks like it's going to
be the new officially-blessed e2ee XEP...)

It would be nice to have a consistent way of telling the user whether
they've authenticated the remote user's identity.

The Esessions implementation pops up a dialog before it lets you chat if
you haven't verified the remote user's identity.
It's not a very good interface.


I like the way OTR did it; it tells you in the ChatControl whether
you've verified identity or not, but doesn't interrupt anything. There's
a menu item that pops up a dialog if you want to do a verification.

My suggestion: If you're in an encrypted chat but you haven't verified
the identity, overlay a big red question mark on the encryption lock
icon in the ChatControl and put a tooltip on it explaining the problem.
Clicking on the question mark pops up a verification dialog (specific to
whatever end-to-end encryption protocol you're using).

Good idea? Does it make the potential problem obvious enough to the user?
Is there a better symbol/place to put the symbol/place to put the button
for the dialog?

How does the OpenPGP code handle an unknown key?


pgpTvAtiq7Cbp.pgp
Description: PGP signature
___
Gajim-devel mailing list
Gajim-devel@gajim.org
https://lists.gajim.org/cgi-bin/listinfo/gajim-devel