UI terminology for calculated validities

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri May 2 05:48:08 CEST 2014

On 05/01/2014 10:02 PM, Hauke Laging wrote:
> Let's not try to protect the users against themselves even in non-
> technical contexts. Your opinion about leaking social information is not 
> better that that of somebody who likes to leak it. The result should not 
> be you making that impossible for him but quite simple: He leaks, you 
> don't.

We're talking about building infrastructure here.  That means that (by
definition) we're making choices for some people who will never know the
details of the infrastructure.

The greater the complexity of the infrastructure, the more fragile it
is, and the more corner cases it's likely to have.

And infrastructure which supports social graph publication is inherently
more leaky than infrastructure which declines to define a way to do so.

I know you and i disagree on this Hauke; it's not the first time.  But i
want to make sure that we build simple authentication infrastructure
where possible, and i want to ensure that we don't make it easy for
users to do things without thinking that might be harmful in the future.

If i was designing a road in a mountainous region, i'd want to build the
road with guard rails too, even though some people might prefer to drive
off the edge.

This discussion has had some interesting highlights for me: including
encouraging avoiding the whole delegated certification infrastructure
itself (encouraging new users to avoid the WoT calculations entirely at
first).  this is good, simplifying stuff.  I *still* haven't heard an
argument that makes sense to me for why the added complexity of
certificate signing policies and certification levels are things that
will help users use these tools.  The added complexity hurts rather than
helps adoption and use.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140501/12bd8886/attachment.sig>

More information about the Gnupg-users mailing list