Why 2.1 is delayed for so long

Ximin Luo infinity0 at pwned.gg
Mon Sep 22 15:56:08 CEST 2014


On 22/09/14 14:48, Robert J. Hansen wrote:
>> they should be named:
>>
>>    (1) RSA (for sign+certify) and RSA subkey (for encryption)
>>    (2) DSA (for sign+certify) and Elgamal subkey (for encryption)
>>    (9) ECC (for sign+certify) and ECC subkey (for encryption)
>>
>> I think this is much clearer. Even for newbies...
> 
> I'm (extremely!) reluctant to agree here; I think it's exactly the
> opposite.  If I had my way, key generation wouldn't even ask what
> algorithms to use unless the --expert flag was provided.
> 
> Two good rules of thumb for UI design:
> 
> * Never ask the user to make an irrelevant choice
> * Never ask the user to make a choice with consequences they
>   do not or cannot understand
> 

I agree with these principles, but I think you are not applying them in the right way. The fact that the user is doing gpg --gen-key already means the choice is relevant, and they can understand the consequences. There are lots of other point-and-click interfaces for GPG for users that "don't care".

There is a third principle:

* Never present to the user a false model of what actually happens.

Too often, I see UI designers who *don't understand what is happening* make bad suggestions in the name of the first two principles, completely inappropriately, which incapacitates the user from making appropriate security decisions.

X

-- 
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140922/6490309a/attachment.sig>


More information about the Gnupg-devel mailing list