phrase "UNTRUSTED good signature" is dangerously misleading

Ximin Luo infinity0 at gmx.com
Mon Jul 15 00:37:59 CEST 2013


On 14/07/13 19:36, Nicholas Cole wrote:
> 
> 
> 
> On Sun, Jul 14, 2013 at 5:34 PM, Hauke Laging <mailinglisten at hauke-laging.de> wrote:
> 
>     On Sun 14.07.2013, 17:05:09, Werner Koch wrote:
> 
>     > Thus we better don't change something which has done its
>     > job okay for many years.
> 
>     Measured by what? After all the claim of this thread is that it does its job
>     badly.
> 
> 
>     > In any case, the non-experienced user is expected to use a different
>     > user interface than gpg on the command line.  Thus all improvements
>     > should go into the GUI, which has more ways to explain what is going
>     > on.
> 
>     I would accept that as a good solution (would suggest some additions to the
>     documentation, though) but that is obviously conflicting with the Enigmail
>     team's position. But with this clear statement the IMHO only reasonable
>     decision by the Enigmail team is to change their policy.
> 
> 
> I am not sure whether or not the GnuPG messages need to change.  GnuPG itself is often used by people with a good technical knowledge. 
> 
> But I *do* think that front-ends could consider a change in their wording.
> 

I'm persuaded by the argument that the GPG CLI doesn't need to be super-instructive for non-technical users. Anyhow I'll continue pushing Enigmail to improve their phrasing, and I'll still send in that patch for gnupg-doc.

> From a user's perspective, things are much clearer (I suspect) if the word 'signature' is reserved for emails, documents etc.  
> 
> In English, at least, it is surely clearer if we talk about 'certifying' keys, rather than 'signing' them.  This would let us talk about 'uncertified' keys, which I suspect is clearer.  So the message to the user could be: "Good Signature but from an uncertified key" or somesuch.
> 
> I know that, from a technical perspective, a certification is a signature, but from a user's perspective signed data is very different from certifying a key, and the re-use of the same term does cause confusion.
> 

Actually, this more precise terminology already exists, but people don't use it for some reason. Also, when you say "certifying", more precisely you mean "certifying the validity of" - there are other types of certificates, e.g. trust certificates (tsign).

To save time I'll just link myself :p - https://github.com/infinity0/pubkeys#terminology

> Rather than 'owner trust', or even 'introducer trust' we should talk about whether to trust the certifications provided by a particular key.  Eg: "Trust in Certifications made by this Key: MARGINAL".
> 

This is still problematic as trust signatures could be used to infer trust transitively beyond ownertrusted keys. (Currently this is not done, but potentially could be.) "Trust root" may be better, and hints at the analogous root CAs in the X.509 hierarchy.

> But as Werner rightly points out, there is the issue of how to translate this in to other languages.
> 
> Best wishes,
> 
> N.
> 


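The wording question in this thread is ultimately a front-end problem: a GUI such as Enigmail does not read gpg's human-readable stderr text, it reads the machine-readable `--status-fd` lines, and it can phrase the result any way it likes. The following is an added example (Python) of doing that, not code from GnuPG or from Enigmail. It separates the two facts the "UNTRUSTED good signature" phrasing conflates: whether the data signature verified (GOODSIG/BADSIG/EXPKEYSIG/REVKEYSIG/ERRSIG/NO_PUBKEY) and whether the signing key is certified, which is what the TRUST_* lines report (the key's computed validity under the trust model; they do not tell you the ownertrust assigned to that key). The status tokens are the real ones GnuPG emits; the sample status lines, key IDs, fingerprints and user IDs are constructed for the example, and the output sentences follow Nicholas's proposed "Good signature but from an uncertified key" wording.

```python
"""Turn gpg --status-fd output into wording that separates "the data
signature is good" from "the signing key is certified".

Added example, not GnuPG/Enigmail code.  Status tokens are the ones gpg
emits on --status-fd; sample lines below are constructed with dummy IDs.
"""
from dataclasses import dataclass
from typing import Iterable, Optional

STATUS_PREFIX = "[GNUPG:] "

# TRUST_* reports the validity gpg computed for the signing key.
# undefined/never: no trust root certifies it, i.e. the key is uncertified.
TRUST_TOKENS = {
    "TRUST_UNDEFINED": "undefined",
    "TRUST_NEVER": "never",
    "TRUST_MARGINAL": "marginal",
    "TRUST_FULLY": "full",
    "TRUST_ULTIMATE": "ultimate",
}

# Outcome of checking the data signature itself (independent of key validity).
SIG_TOKENS = {
    "GOODSIG": "good",
    "EXPKEYSIG": "good-expired-key",
    "REVKEYSIG": "good-revoked-key",
    "BADSIG": "bad",
}


@dataclass
class Verdict:
    signature: str = "error"          # good / bad / no-public-key / error / ...
    validity: Optional[str] = None    # None if gpg reported no TRUST_* line
    keyid: Optional[str] = None
    userid: Optional[str] = None

    def certified(self) -> bool:
        return self.validity in ("marginal", "full", "ultimate")

    def message(self) -> str:
        who = f"{self.userid} (key {self.keyid})" if self.userid else f"key {self.keyid}"
        if self.signature == "bad":
            return f"BAD signature: the data was altered or was not signed by {who}."
        if self.signature == "no-public-key":
            return f"Cannot verify: public key {self.keyid} is not available."
        if self.signature == "error":
            return "Cannot verify: GnuPG reported an error."
        # Signature is good; now say, separately, whether the key is certified.
        cert = (f"the key is certified (validity: {self.validity})"
                if self.certified()
                else "the key is UNCERTIFIED: no key you trust has certified it")
        extra = {"good-expired-key": "; the key has expired",
                 "good-revoked-key": "; the key has been REVOKED"}.get(self.signature, "")
        joiner = "; " if self.certified() else ", but "
        return f"Good signature from {who}{joiner}{cert}{extra}."


def parse_status(lines: Iterable[str]) -> Verdict:
    """Fold the status lines of one verification into a Verdict."""
    v = Verdict()
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line.startswith(STATUS_PREFIX):
            continue  # plain stderr text from gpg, not machine-readable
        token, _, rest = line[len(STATUS_PREFIX):].partition(" ")
        if token in SIG_TOKENS:
            v.signature = SIG_TOKENS[token]
            v.keyid, _, uid = rest.partition(" ")   # user ID may contain spaces
            v.userid = uid or None
        elif token == "ERRSIG":
            v.signature = "error"
            v.keyid = rest.split()[0] if rest else None
        elif token == "NO_PUBKEY":
            v.signature = "no-public-key"
            v.keyid = rest.split()[0] if rest else v.keyid
        elif token in TRUST_TOKENS:
            v.validity = TRUST_TOKENS[token]
    return v


# Constructed sample output (dummy key IDs, fingerprints and user IDs).
UNCERTIFIED = [
    "[GNUPG:] NEWSIG",
    "gpg: Signature made Sun 14 Jul 2013 17:05:09 CEST using RSA key ID 0123456789ABCDEF",
    "[GNUPG:] GOODSIG 0123456789ABCDEF Alice Example <alice@example.org>",
    "[GNUPG:] VALIDSIG 0000000000000000000000000123456789ABCDEF 2013-07-14 1373814309 0 4 0 1 10 00 0000000000000000000000000123456789ABCDEF",
    "[GNUPG:] TRUST_UNDEFINED 0 pgp",
]
CERTIFIED = UNCERTIFIED[:-1] + ["[GNUPG:] TRUST_FULLY 0 pgp"]
MISSING_KEY = [
    "[GNUPG:] ERRSIG FEDCBA9876543210 1 10 00 1373814309 9",
    "[GNUPG:] NO_PUBKEY FEDCBA9876543210",
]
BAD = ["[GNUPG:] BADSIG 0123456789ABCDEF Alice Example <alice@example.org>"]

if __name__ == "__main__":
    for sample in (UNCERTIFIED, CERTIFIED, MISSING_KEY, BAD):
        print(parse_status(sample).message())
```

Two design points worth noting. First, a "good" verdict and an "uncertified" verdict are reported as two separate facts, so the UI never has to squeeze both into one adjective like "UNTRUSTED". Second, the certification verdict comes from the TRUST_* line only; a front-end that instead looked at the ownertrust of the signer's key would be answering a different question (whether you trust that key's certifications of *other* keys), which is the "introducer trust" confusion Nicholas describes.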