UI terminology for calculated validities

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Apr 25 21:14:49 CEST 2014

On 04/22/2014 06:50 PM, Nicolai Josuttis wrote:
>  me: you either can sign the key
>      or trust somebody else who signed the key
>      (such as pgpca at ct.heise.de)
>  he:   Oh, I even registered my email/key there
>        but what else is missing?
>  me: load the key for pgpca at ct.heise.de
>  he:   done, but trust is still missing
>  me: oh, yes, you also have to express trust for this key/owner
> Then it worked ...

did he understand the other consequences of setting ownertrust for
pgpca at ct.heise.de?  It's one thing to say "it worked!" but he may not
understand that whoever controls the pgpca at ct.heise.de can now trick him
into believing any OpenPGP identities that they want.

> That's a summary of learning step by step what has to be done
> to benefit from the web-of-trust
> (and BTW "he" was even an IT guy).
> BTW, the dialog would have been different
>      if I had used "valid" instead of "trusted".
> E.g. as follows:
>  me: oh, but you need valid(!) keys
>  he:  but they are! Look, neither expired nor revoked!
>  me: no, no, valid in the sense that you can trust them
>  he:  ah, I need to trust the keys ...

Or, you could have said "you need to validate the certificates" -- i
don't know exactly how the conversation would have followed from there,
but you wouldn't have led him to trust a key that he is not willing to
rely on for certifications.

> The essence we have to teach is:
> - create a key
> - and then either
>   - exchange the key
>   - and sign the key you got
>     (after validating the fingerprint)
>   or
>   - load the key for pgpca at ct.heise.de
>     or other central "trust agencies"
>   - AND express trust for that key/owner
> Thus, I am really surprised that you suggest to teach "validity"
> instead of "trust".

i don't see how the surprise follows from the ideas above.  trusting a
certificate-signing authority is distinct from validating a certificate.

> And I agree that "owner" makes things unnecessarily complicated.
> I am more and more convinced that we simply always should
> talk about trust:
> - If I trust the key/owner that/who signs other keys,
>   I can trust these keys and safely use them

But these are distinct concepts.  conflating them by using the same word
does people a disservice.
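
The distinction drawn in this message, as an added example that is not part of the original post or of GnuPG's code: a simplified Python model of the classic web-of-trust calculation, showing that validating a CA key changes nothing else, while assigning it ownertrust makes every key it certifies valid. The key names and keyring are constructed, the thresholds assume GnuPG's defaults (`--completes-needed 1`, `--marginals-needed 3`), and the model assumes the user has certified the CA key himself.

```python
# Simplified model of the classic OpenPGP web-of-trust calculation.
# Thresholds assume GnuPG's defaults (--completes-needed 1,
# --marginals-needed 3); certification depth and expiry are left out.
FULL, MARGINAL = "full", "marginal"
COMPLETES_NEEDED, MARGINALS_NEEDED = 1, 3


def valid_keys(own_key, ownertrust, certifications):
    """Return the set of keys considered valid.

    ownertrust:     {key: FULL | MARGINAL}, how far the user relies on
                    that key's owner as a certifier of other keys
    certifications: list of (signer, signed_key) pairs
    """
    valid = {own_key}
    changed = True
    while changed:
        changed = False
        for target in {signed for _, signed in certifications}:
            if target in valid:
                continue
            # Only certifications made by keys that are themselves valid count.
            signers = {s for s, t in certifications if t == target and s in valid}
            full = sum(1 for s in signers
                       if s == own_key or ownertrust.get(s) == FULL)
            marginal = sum(1 for s in signers if ownertrust.get(s) == MARGINAL)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                valid.add(target)
                changed = True
    return valid


# Constructed keyring: "me" certified the CA key after checking its
# fingerprint; the CA certified two other keys, one of them bogus.
CERTS = [("me", "ca"), ("ca", "colleague"), ("ca", "impostor")]


def demo():
    """Validity before and after giving the CA key full ownertrust."""
    validated_only = valid_keys("me", {}, CERTS)
    with_ownertrust = valid_keys("me", {"ca": FULL}, CERTS)
    return validated_only, with_ownertrust


if __name__ == "__main__":
    before, after = demo()
    print("CA key validated, no ownertrust:", sorted(before))
    print("CA key given full ownertrust:   ", sorted(after))
```
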

