gpg-agent and allow-loopback-pinentry

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Dec 30 23:33:50 CET 2014


On 12/29/2014 09:47 AM, Patrick Brunschwig wrote:
> I'm very happy for gpg-agent and pinentry to handle passphrases for me
> during normal operations.
> 
> However, I disagree with you and Nico concerning key creation. I think
> it makes sense that the dialog presented to the user contains *all*
> required data, including the passphrase. That's what users are used to
> when registering for any service in almost all applications and on
> almost all web sites. And I think it's sensible not to break with this,
> as it will only confuse users.

I can see both sides of this issue, and I wonder if there aren't other
ways to resolve it.

To be honest, when I've watched users set up enigmail with GnuPG for the
first time, they're often confused by the fact of a password for the key
in the first place.

And an OpenPGP key by default is not the same thing as a web service,
either.

Here's a radical (and quite possibly terrible) idea, with the hope of
spurring new thinking:

What about generating the key with no passphrase initially, and
presenting a big "protect this key with a passphrase" button to the user
when no passphrase is set?

The downsides I see are:

 * passphraseless keys will be written to the filesystem and might not
   ever be erased.

 * some users will never click the "protect this key with a passphrase"
   button.

 * it's not clear to me whether there's an easy way for enigmail to tell
   whether the secret key in question has a passphrase set on it or not.

But there might be cognitive advantages for new users too: maybe they'd
understand what they're doing more if they have to take an action
explicitly?  This might also make it easier to get more people to use
the tools too, while still enabling people who want to follow stronger
security practices to do so.  Yikes, though...

I don't know if there are any usability studies that would help make
this decision easier.

	--dkg
