On 09/19/15 23:06, Robert J. Hansen wrote: > (Forgive the HTML: this is one of the few times where I think it’s > worthwhile. This email uses color to convey information.) > > So, while relaxing with a good stogie, I started mulling over the UX > problem of communicating information about encryption status, > signatures, validity, and more. I got nowhere, which is when I decided > to burn it all down and start from a clean sheet of paper.
And very successfully. Sometimes the clean sheet of paper is exactly what's needed. I like this suggestion a lot. It is simple, unambiguous, and readable at a glance. Any further information wanted by more technically sophisticated users can be obtained by clicking the item of interest to see more details. I would suggest one slight extension to the scheme: The indicators should be tri-state, not binary. Add a red error state as well as a green 'OK' state and the black 'not present' state. A message which is signed, but by a key that does not match the declared sender, or by a revoked key, would display red Identity. A message which has been signed but the signature does not match the content (i.e, the content has been altered post-signature) would display red for Authenticity. A Privacy red-flag is a little harder to quantify. About the only case I can think of is if a message is encrypted, but with a key that has been revoked or does not match the claimed sender. But this should probably be considered an Authenticity failure. Should a message that is encrypted but unsigned be considered an Authenticity failure - or at least an authenticity warning? -- Phil Stracchino Babylon Communications ph...@caerllewys.net p...@co.ordinate.org Landline: 603.293.8485
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net