UI terminology for calculated validities

Hauke Laging mailinglisten at hauke-laging.de
Tue Apr 22 13:56:03 CEST 2014

Am Di 22.04.2014, 13:36:23 schrieb Nicolai Josuttis:

> For this reason, the terms have to be self describing.
> If if they are not, you need different terminology.

"Self describing" is a hard requirement if the person who shall feel 
that way is not familiar with the technical concepts. It the concepts 
are clear then there is no risk of confusion by terms.

> BTW, which one is it?

Kgpg. Bug report has been made.

> What is so confusing about trust for different thing?

> And I can easily explain that using the term "trust" for both:
> To trust this key, you have to trust the owner that signed it
> (or trust indirectly marginal trusted owners).

You involuntarily show the next terminology problem: owner trust. This 
is not about the owner, it is about the key. This can easily be seen 
from the facts that (a) the same owner can have several keys and (b) 
there are scenarios in which you will not assign the same trust to these 
keys. Thus I recommend to call this "certification trust". The owner is 
an important part of it but not all.

Back to your point: The problem is that most people do not learn crypto 
in a straight, high-quality way. Most people just download the software 
and see what happens. That you could have explained that well in theory 
does not change the practice.

> That's so simple to explain and I doubt that this is hard to
> understand (although still hard to remember).

You could say the same about other aspects of crypto. But: That's not 
the reality we see.

> But it is also important to wrap it by something really easy.

The subject is not easy. Period. You cannot make it easy by wrapping. 
The only thing you can achive that way is an illusion of security.

> As I said, I need some self-intuitive wording for
> what technically is "valid".

I am not a native speaker but "valid" seems quite self-intuitive to me. 
At least about the general idea, not about the technical details, of 
course. But they will never be self-intuitive, they must be learnt.

Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20140422/bf9e91ba/attachment.sig>

More information about the Gnupg-users mailing list