UI terminology for calculated validities

William Hay wish at dumain.com
Sat May 3 14:53:41 CEST 2014

On Fri, 25 Apr 2014 11:15:40 +0200
Peter Lebbing <peter at digitalbrains.com> wrote:

> On 25/04/14 00:19, Gabriel Niebler wrote:
> > And "Authenticity" is an equally clear and additionally _intuitive_
> > descriptive name for the same simple, mechanistic concept.
> > "Validity" naturally lends itself to the combination of
> > expiration/revokation status, and should be used for that (if at
> > all).
> I don't think a UI should use both "authentic*" (~ated, ~ity, etc)
> and "valid*", because this might not be confusing to newcomers, it
> would definitely be for people who already know what "valid" means in
> OpenPGP context. I think it's preferable to replace "valid" by
> "authentic" because it conveys the meaning better, but you definitely
> shouldn't then call /something else/ "validity".
> HTH,
> Peter.

I wonder if discussing terminology separate from the overall UI is the
best idea?  I suspect that the more words one makes people learn to use
a technology the fewer people will use it.  If one wants widespread
adoption I think one needs a GUI (phone/tablet or WIMP style) and this
provides more options than the traditional GnuPG dumb terminal
compatible interface.

However if we're mucking around with terminology can I suggest
replacing the terms key signing and certificates with the metaphor of
'letters of introduction'?  Key signing is a confusing mixed metaphor.
I doubt anyone on the list has ever signed a real key -most inks don't
take well to metals. Certificates on the other hand seem more
appropriate for a hierarchical system than WoT. Letters of introduction
are not something one encounters much in the modern world one but tying
the process to a physical analogue might make things easier to
understand. One could recycle old costume dramas to make tutorials.

In normal usage one needs the answer to two questions:
Can I send private messages to this person?
Did this message/file come from the person in question?

The answers can be represented graphically (green tick, red cross).
The sort of person who is interested in the details of how that
particular conclusion was reached can probably be expected to learn the
current terminology.

It gets a bit more complicated when managing/signing keys  but with a
GUI one could just present statements about a key for the user to assent
(or not to) without any need to classify the statement itself.

I (will not say whether|do not know whether|am quite confident that|am
very confident that) this key belongs to <userid>.

Use a drop down menu to choose among the options

Issue letter of introduction: Yes/no?

Accept introductions made via this key: (No,In concert
with X others,Yes).

Certain options (like trust signatures, ultimate trust and accepting
introductions from a key without having validated/authenticated any
userids on it) could be hidden behind an expert mode button. 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: </pipermail/attachments/20140503/95c03a3a/attachment-0001.sig>

More information about the Gnupg-users mailing list