 Dear developers & documenters using/developing open source
OpenPGP (RFC2440)/GnuPG systems:

 Yesterday, at the Usenix Security conference, Alma Whitten revealed
serious problems with a typical graphical user interface for PGP.
She performed a usability evaluation of PGP 5.0 (a commercial product)
with an email client and found that most users couldn't correctly use it.
After 90 minutes of use, only 4 of 12 managed to correctly send
encrypted email to their team members, and 3 of 12 emailed the secret
without encryption!  And half of those users had a technical background!

 If you're developing an open source GUI to PGP,
I urge you to learn from the problems revealed by her usability evaluation.
Let's make sure the open source tools are BETTER.  Besides, it's dangerous
when these tools are misused!  To start, please read her papers at:


 If you're writing PGP-related documentation or FAQs, please include
a reference to her papers; that way others will know about this work
(so they can think about usability too).

 You might also want to contact her.  Her email is alma at cs.cmu.edu, web page:
I suspect she'd be open to helping people "do it right," especially if
she could write a paper on the resulting experience and why it was "right,"
but that's obviously her choice.  I hope there'd be at least a GNOME & KDE
developer using this info (including those working on email clients),
with help from the GnuPG folks to make it all possible.

 Thanks for your time.  I don't have any connection with her, other than
being impressed by the importance of her work.

