UI terminology for calculated validities

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Sat May 3 18:28:56 CEST 2014



Hi


On Saturday 3 May 2014 at 1:53:41 PM, in
<mid:20140503135341.4ca90615 at cerberus.dumain.com>, William Hay wrote:


> I wonder if discussing terminology separate from the
> overall UI is the best idea?

I think the discussion has been of some use in aiding some of our
understanding, but has gone at least as far as it usefully could.

Provided words/phrases are not recycled in a UI and its FAQ/manual to
mean something different to an already-accepted meaning in the context
of GnuPG/OpenPGP, I think it matters little which words are used to
get across what needs to be conveyed.



> However if we're mucking around with terminology can I
> suggest replacing the terms key signing and
> certificates with the metaphor of 'letters of
> introduction'?
[...]

> Letters of
> introduction are not something one encounters much in
> the modern world, but tying the process to a
> physical analogue might make things easier to
> understand. One could recycle old costume dramas to
> make tutorials.

That is an interesting thought. I wonder what proportion of the
population would know what it meant, unless it appeared in a book they
studied at school or a film/TV programme they saw last week.



> In normal usage one needs the answer to two questions:
> Can I send private messages to this person? Did this
> message/file come from the person in question?

I would propose a third question: Was the message/file altered in
transit?



> It gets a bit more complicated when managing/signing
> keys, but with a GUI one could just present statements
> about a key for the user to assent (or not to) without
> any need to classify the statement itself.

> I (will not say whether|do not know whether|am quite
> confident that|am very confident that) this key belongs
> to <userid>.

Why ask the certification level? What is this information used for?
Unless it actually has a real use, the user should not be asked to
spend time considering it, it should not be recorded, and certainly
should not be published. If somebody thinks they need this, and knows
why, they should be able to find it in an "expert" mode.

The basic user (and in my opinion, most users) should just have one
question but need to answer it in respect of each UID, something
like:-

"I accept this key for communication with <userid1>. Yes/No"
                                      aka <userid2>. Yes/No"
                                      aka <userid3>. Yes/No"



> Issue letter of introduction: Yes/no?

I think this should also be in an "expert" mode, or at least absent
from a "basic" mode.

And I would prefer something more like "I hereby publicly state that
this key belongs to <userid>. Yes/No" With a Yes/No selector for each
of the UIDs on the key.

The active copy on the user's keyring should get a non-exportable
signature whatever the answer, and for each UID where the user
answered "Yes" a copy bearing the exportable signature on that UID
only should be placed in a message encrypted to that key and
pre-addressed to the email address in that UID.



> Accept introductions made via this key: (No,In concert
> with X others,Yes).

Another I think should possibly not be in the "basic" mode. Does an
absolute beginner really need to be able to nominate trusted
introducers?


- --
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

1 + 1 = 3, for large values of 1



