E-Mail Encryption: Why Isn't Everyone Doing It?

Mark H. Wood mwood@IUPUI.Edu
Mon Oct 28 16:43:02 2002

On Thu, 24 Oct 2002, Anthony E. Greene wrote:
[snip interior quote]
> Have you taken a look at the GnuPG manual lately? GnuPG can do lots of
> things that PGP cannot do. There is no way to reproduce all those options
> in a GUI and still have an easy to use interface.

Sure there is.  You put all of the simple, popular stuff on the front of
the interface and provide more-advanced stuff on other tabs, "Advanced"
buttons, wizards, etc. according to the complexity of the material.

>                                                   In the last 24 hours two
> options were added in response to a user with a lost public key. If that
> kind of responsiveness had to be put on hold because it would take too
> long to put it into a GUI, then GnuPG would not be as good as it is.

Why should GUI development have any effect on the answering of questions
about the commandline interface?  The GUI goop should just be a wrapper
around the commandline tool.

> In any case, the features you are referring to will not be used by 90%+ of
> users. They will not care about trust values or key management. They won't
> know anything about their keyrings and won't care. Nor should they. This
> stuff does not need a good interface. It needs to drop out of sight. It
> needs to become as transparent and automatic as SSL.

I must disagree.  EVERY feature should have a good user interface.  One of
the things which make a UI good is correctly identifying the "90%+ of
users will never want this" options and placing them on a portion of the
interface which the user must explicitly request.

> People don't care about the interface for managing SSL keys and certs and

I do, and I'm considering writing a comprehensive GUI for the openssl
command which will keep track of all 69,000 options for me so I won't have
to remember or relearn them on the 2-3 occasions every year when I want
them.  Yes, I know it'll be a big job, but I'd happily spend two hours
coding rather than one hour to do the same thing manually, even just to do
it once.

> they shouldn't have to care about the interface for managing OpenPGP keys
> and certs. This stuff should be built into mail software the same way SSL
> is built into browsers.

The way SSL is built into browsers is precisely what makes it not terribly
useful in that setting.  I would like a *lot* more control over this
aspect of my browser; I just don't want it to all spring out at me every
time I select a link.  And I want my email to work similarly.

Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".