On 09/26/2017 02:15 PM, Andrew Gallagher wrote:
> Absolutely. None of this is an argument against users having to do
> things right. But the way to get users to do things right is to train
> them to do things right from the start - and you do that by railroading
> them down the straight and narrow and not even have the option to do it
> any other way. That way, if the opportunity to do it wrong arises in the
> future their first instinct will be "this isn't how it's supposed to
> happen". If you can't train people personally, you have to write your
> software so that the software trains them.

The users shouldn't browse keyservers at all, so it shouldn't really be
an issue. Linking to get operation to get the public keyblock is just a
convenience.

>
> WhatsApp gets the UX *very nearly* right. And since everyone and his dog
> now uses it that's the new baseline. If it's easier to do it wrong than

No, that actually is broken by design as it doesn't open up for proper
operational security controls, in particular lack of private key
separation on smartcard and airgapped computer.

>
>> being able to browse the
>> keyserver directly is too useful for debugging to completely remove
> Indeed, but is it necessary to display the untrustworthy user-ID on
> signatures? The fingerprint should be sufficient.

The name of the primary UID of a signature is irrelevant; if we follow
this argument; (i) until it is verified everything is untrustworthy, so
(ii) the signature itself shouldn't be shown, nor should any of the UIDs
for the public keyblock itself, as the self-signature isn't verified,
and (iii) the keyserver can't verify it as it isn't a trusted part of
the infrastructure so the user can't know that it isn't a malicious
operator running the specific server.

The only logical consequence from (i)-(iii) is to remove keyservers from
the mix and let users do bilateral exchanges (good luck with revocation
distribution), for the simple reason that SOME users can't do things
right, it has to destroy any chance of a proper security for others.

Which incidentally is similar to a lot of other over-simplification and
interconnections throughout the world, but that is a separate
discussion. Finding the least common denominator and simplifying
everything to the absurd, no matter the consequences.

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"Great things are not accomplished by those who yield to trends and fads
and popular opinion."
(Jack Kerouac)

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users