UI terminology for calculated validities
gabriel.niebler at gmail.com
Wed Apr 23 23:00:41 CEST 2014
-----BEGIN PGP SIGNED MESSAGE-----
tl;dr: "validity" is confusing, please consider using "ownership" or
"authenticity" for same concept.
it seems to me that the problem here is mainly one of semantics. The
technical concepts are clear to everyone involved, the question is how
to name and explain them so they can be readily understood -
especially by novices and non-technical users.
To this end, I would like to add two points:
1) I believe that the word "validity" is a poor choice for how it is
used at present (i.e. the assignment of faith in the identity of the
key's purported owner), because it gets people thinking along the
The average layperson already has a concept of "validity" from such
things as credit cards ("valid thru"), mass transit tickets ("not
valid unless stamped") and passports ("valid from ... until ...", also
made invalid when one gets a new one). These pre-existing notions,
which are impossible to rub out, naturally translate to _expiration_
and _revocation_ of keys, NOT to the question who the key really
belongs to. Technically inclined people have a second association with
the word "valid", more akin to "well-formed" ("is this valid XML?"),
which naturally translates to whether e.g. a given version and
implementation of OpenPGP can understand a given key etc. and, again,
does NOT translate to the question of the key holder's true identity.
Hence the confusion.
What makes it worse is that in the above examples, i.e. the cases
people are familiar with, validity can usually be determined from the
document itself (here that would be the key), or at worst the system
that works with the document (here that would be GnuPG), but neither
is the case with key ownership. Instead, it is a determination only
the user can make (possibly through intermediaries, with the WoT).
Simply put, the word "validity" already means something to most
people, but it was taken and redefined to mean something else in the
context of asymmetric encryption keys - it's a bit like making a
calculator and using the '+' sign for multiplication: it will do the
correct thing and it's all in the manual, but it's still horribly
Therefore, I propose that the word "validity" is not chosen well for
what it now means in GnuPG, because it carries with it connotations
that are quite different from the intended meaning, which is
confusing. And thus a better, clearer word should be found and used in
future. Which word is obviously a matter for debate.
2) There are words that are already used to describe the right sort of
relation between an object and a person, or between a document and an
identity, and thus convey the right sort of meaning. The two best
examples that came to my mind (so far) are:
a) "ownership" and b) "authenticity".
Ad (a): A user wants to know whether the key they obtained is really
_owned_ by the person whose UserID(s) came with it. Instead of saying
the UserID is "invalid", the UI may warn that the UserID's "ownership"
is unconfirmed/has not been confirmed and may even say "this UserID
could be (a) fake". A GUI button could read "Sign to confirm
ownership" and open a dialogue that further asks "Are you (reasonably)
sure/certain/confident that the key with fingerprint ... belongs to
<UserID>?" and then maybe have a link "How do I check this?" to some
explanatory text, below. GnuPG options could be renamed
Ad (b): A user wants to know whether a key is authentic, i.e. the
identity of the person it belongs to is that given in the UserID(s).
Instead of saying the key is "invalid", the UI may warn that its
"authenticity" is unknown/unconfirmed or that the key is "possibly
FAKE". A GUI button could read "Sign to authenticate" and open a
dialogue like above. GnuPG options could be renamed "show-uid-authenticity".
This language is very similar to the one we use for passports, ID
cards etc. and I believe this is a good thing, because the
understanding carries over:
My government issued passport is authentic and I own it, because it's
really me on the picture and that's my name and there's my date of
birth and these things can be checked, if needs be. But it may well be
invalid, because it expired or I got issued a new one and they punched
a hole through my old document. Likewise, my key is authentic and I
own it, because that's my name and email address in the UserID and
this can be checked by anyone who knows me with the help of my
fingerprint. But it may well be invalid, because it expired or I
A fake or stolen passport OTOH is valid, near as anyone can tell,
based on the expiration date printed in it, but if it's fake it's not
authentic and if it's stolen then the person carrying it is not the
owner. Likewise, a fake or "stolen" (copied) key is still valid, as
long as it hasn't expired or been revoked, but if it's fake it's not
authentic, and if it's been stolen then the person I'm talking to may
not be the owner.
The customs agent at the border checks both validity and
ownership/authenticity and so do we with UserIDs on keys.
Validity, in the sense of expiration and revocation status, can be
checked more or less automatically with the help of key servers (just
like the expiration date can be read by machine with with OCR or
RFID), but ownership/authenticity must be checked manually (or by WoT)
If you've made it this far, please also note that the word "trust"
was completely avoided in the above wall of text. No collision of
meaning with the WoT's concept of ownertrust.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the Gnupg-users