Why 2.1 is delayed for so long

Robert J. Hansen rjh at sixdemonbag.org
Mon Sep 22 15:48:36 CEST 2014


> they should be named:
> 
>    (1) RSA (for sign+certify) and RSA subkey (for encryption)
>    (2) DSA (for sign+certify) and Elgamal subkey (for encryption)
>    (9) ECC (for sign+certify) and ECC subkey (for encryption)
> 
> I think this is much clearer. Even for newbies...

I'm (extremely!) reluctant to agree here; I think it's exactly the
opposite.  If I had my way, key generation wouldn't even ask what
algorithms to use unless the --expert flag was provided.

Two good rules of thumb for UI design:

* Never ask the user to make an irrelevant choice
* Never ask the user to make a choice with consequences they
  do not or cannot understand

Whether one uses RSA/RSA, DSA/Elg or ECC/ECC is completely irrelevant
for the "normal" use case -- someone who cares that their email is
protected with strong cryptography, but doesn't care so much about how.
 Further, the "normal" user isn't going to have any idea what the
differences among RSA, DSA, Elgamal and ECC are, so we shouldn't burden
them with having to make that choice.

In --expert mode we should give the user as much rope as they want to
hang themselves with, but outside of that I think we should move towards
removing irrelevant and/or expert-level choices, not including them.



More information about the Gnupg-devel mailing list