On 17-09-26 09:15 AM, Andrew Gallagher wrote:
> On 26/09/17 12:30, Kristian Fiskerstrand wrote:
>> On 09/26/2017 01:07 PM, Andrew Gallagher wrote:
>>> So SKS should just say "unverified signature from
>>> <fingerprint>". It should not repeat the purported user ID, nor
>>> provide a search link that returns completely unrelated keys
>>> that happen to have the same purported ID.
>>
>> No, that is also wrong, as it implies that anything is trusted
>> unless otherwise stated. A malicious actor can claim it is
>> verified all he/she wants (simply removing the disclaimer).
>
> Um, did you reply to the wrong paragraph? I did mention
> disclaimers elsewhere, but only in passing (and tongue in cheek).
> My argument is that we shouldn't be displaying unverified
> information at all.
>
>> The user's default position NEEDS to be that nothing is verified
>> until it is done locally or by an explicitly trusted third
>> party.
>
> Absolutely. None of this is an argument against users having to do
> things right. But the way to get users to do things right is to
> train them to do things right from the start - and you do that by
> railroading them down the straight and narrow and not even have the
> option to do it any other way. That way, if the opportunity to do
> it wrong arises in the future their first instinct will be "this
> isn't how it's supposed to happen". If you can't train people
> personally, you have to write your software so that the software
> trains them.
>

Why? Ultimately are we not all responsible for our own actions?
People should be required to make some effort.

> WhatsApp gets the UX *very nearly* right. And since everyone and
> his dog now uses it that's the new baseline. If it's easier to do
> it wrong than in WhatsApp, it's broken. If it's harder to
> understand than WhatsApp, it's broken. If you have to read more
> instructions than WhatsApp, it's broken.
>

WhatsApp controls the key material. *Seems* safe so far but who knows. I personally would never put anything truly confidential over WhatsApp. And actually people are supposed to verify that they are messaging who they think they are messaging by doing a comparison of fingerprints or ids or whatever they are called. I only message one person with it so it's been a while since I've had to do it. But I am willing to bet lots of users don't do that verification step. It's a good UX but not perfect. Same goes for GPG in my opinion. It's good but not perfect. It never will be and I don't believe any (security) software will ever have a perfect mix of features for all users and use cases out of the "box"

> It's no good implementing something correctly if it can be applied
> incorrectly. Murphy's Law applies.
>

I don't want my software or its developers acting like my big brother!

>> being able to browse the keyserver directly is too useful for
>> debugging to completely remove
>
> Indeed, but is it necessary to display the untrustworthy user-ID
> on signatures? The fingerprint should be sufficient.
>
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

Best Regards,
Duane

--
Duane Whitty
du...@nofroth.com