UI terminology for calculated validities

Peter Lebbing peter at digitalbrains.com
Wed Apr 23 12:36:41 CEST 2014

On 23/04/14 10:08, p.h.delgado at xoxy.net wrote:
> New users that belong to the first kind above should be
> given an option of completely ditching the whole WoT
> superstructure in favour of the independent procurement
> of the key fingerprint

Yes, I think the experience for novice users would be improved if you guide them
towards signing keys directly. Ownertrust, the WoT, being hidden for novice
users might take away enough complexity that you can explain to the novice that
the way to secure communications with someone is meeting up with them, verifying
the fingerprint and making a signature.

I think the word "validity" is still fine for that. I don't think it's difficult
to convey that a key won't be valid until you validated it yourself with the
owner by checking the fingerprint. A key that is expired or revoked might be
called "unusable" if it needs a stronger term than simply "invalid".

This need not be imposed as the default mode: you could ask on first use which
"mode" the user desires, giving a short explanation about the strengths and
weaknesses of different modes, and possibly referring to documentation on-line.
There could be a version of the documentation that completely ignores the WoT
and simply focusses on direct signatures.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
