Houston, we have a problem

[Kristian Fiskerstrand]

On 09/26/2017 02:15 PM, Andrew Gallagher wrote:
> Absolutely. None of this is an argument against users having to do
> things right. But the way to get users to do things right is to train
> them to do things right from the start - and you do that by railroading
> them down the straight and narrow and not even have the option to do it
> any other way. That way, if the opportunity to do it wrong arises in the
> future their first instinct will be "this isn't how it's supposed to
> happen". If you can't train people personally, you have to write your
> software so that the software trains them.

The users shoudn't browse keyservers at all, so it shouldn't really be
an issue. Linking to get operation to get the public keyblock is just a
convenience.

> 
> WhatsApp gets the UX *very nearly* right. And since everyone and his dog
> now uses it that's the new baseline. If it's easier to do it wrong than


No, that actually is broken by design as it doesn't open up for proper
operational security controls, in particular lack of private key
separation on smartcard and airgapped computer.

> 
>> being able to browse the
>> keyserver directly is too useful for debugging to completely remove
> Indeed, but is it necessary to display the untrustworthy user-ID on
> signatures? The fingerprint should be sufficient.

the name of the primary UID of a signature is irrelevant; if we follow
this argument; (i) until it is verified everything is untrustworthy, so
(ii) the signature itself shouldn't be shown, nor should any of the UIDs
for the public keyblock itself, as the self-signature isn't verified,
and (iii) and the keyserver can't verify it as it isn't a trusted part
of the infrastructure so the user can't know that it isn't a malicious
operator running the specific server.

The only logical consequence from (i)-(iii) is to remove keyservers from
the mix and let users do bilateral exchanges (good luck with revocation
distribution), for the simple reason that SOME users can't do things
right, it has to destroy any chance of a proper security for others.
Which incidentally is similar to a lot of other over-simplification and
interconnections throughout the world, but that is a separate
discussion. Finding the least common denominator and simplify everything
to the absurd, no matter the consequences.

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"Great things are not accomplished by those who yield to trends and fads
and popular opinion."
(Jack Kerouac)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170926/2edd5a4d/attachment-0001.sig>