Why 2.1 is delayed for so long
Ximin Luo
infinity0 at pwned.gg
Mon Sep 22 15:56:08 CEST 2014
On 22/09/14 14:48, Robert J. Hansen wrote:
>> they should be named:
>>
>> (1) RSA (for sign+certify) and RSA subkey (for encryption)
>> (2) DSA (for sign+certify) and Elgamal subkey (for encryption)
>> (9) ECC (for sign+certify) and ECC subkey (for encryption)
>>
>> I think this is much clearer. Even for newbies...
>
> I'm (extremely!) reluctant to agree here; I think it's exactly the
> opposite. If I had my way, key generation wouldn't even ask what
> algorithms to use unless the --expert flag was provided.
>
> Two good rules of thumb for UI design:
>
> * Never ask the user to make an irrelevant choice
> * Never ask the user to make a choice with consequences they
> do not or cannot understand
>
I agree with these principles, but I think you are not applying them in the right way. The fact that the user is doing gpg --gen-key already means the choice is relevant, and they can understand the consequences. There are lots of other point-and-click interfaces for GPG for users that "don't care".
There is a third principle:
* Never present to the user a false model of what actually happens.
Too often, I see UI designers who *don't understand what is happening* make bad suggestions in the name of the first two principles, completely inappropriately, which incapacitates the user from making appropriate security decisions.
X
--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140922/6490309a/attachment.sig>
More information about the Gnupg-devel
mailing list