[Enigmail] Proposed policy
LeRoy Cressy
ldc at lrcressy.com
Tue Dec 11 14:56:51 PST 2007
Robert J. Hansen wrote:
> Cristian KLEIN wrote:
>> I don't like this. Signatures can be bad or valid, trusted or
>> untrusted. There is a very clear distinction between these two
>> dimensions.
>
> Not so clear as you seem to believe--see below.
>
>> There is a very clear distinction between invalid (i.e.
>> the message has been tampered with) and untrusted (i.e. I don't know the
>> trust level of this signature).
>
> No. The fact you're getting this wrong is evidence that it's too
> complex to expect people to understand.
>
> A signature is 'good' if and only if the mathematical transformation
> specified between the hash of the message and the expanded signature
> value is correct. Otherwise it's 'bad'.
>
> A signature is 'valid' if and only if it is a good signature coming from
> a certificate which the user has validated.
>
> A signature is 'trusted' if and only if it is a valid signature coming
> from a person whom the user trusts.
>
> For instance, I might have validated Snidely Whiplash's certificate, but
> I don't trust him at all. It would be possible to get a good, valid,
> untrusted signature from him... which is really not a very good
> signature at all. The word 'good' gets overloaded in so many different
> contexts here.
>
> The language involved in signatures is far, far too complex. GnuPG
> itself talks about "keytrust" and "ownertrust" and then makes it all the
> more confusing by ambiguously talking about "trust". The upshot of it
> is that just figuring out precisely what a signature is, much less what
> it means, requires a level of technical knowledge we cannot expect
> people to understand.
>
It is my opinion that the majority of users of Enigmail have a fairly
comprehensive knowledge of computer security. The majority of M$
Windows users are totally clueless about computer security until their
system gets broken into. On the other hand, the Windows user who uses a
utility like Enigmail has a far greater appreciation of computer
security than the average user; thus you are degrading the expertise of
the Windows user. The majority of Linux and UNIX users already have a
high appreciation of computer security and a higher level of
expertise in computer science.
Thus the comment, "requires a level of technical knowledge we cannot
expect people to understand", seems to degrade the competence of the ones
who have installed all of the libraries and utilities that make
Enigmail work.
>> What should a user understand from "The key is invalid"?
>> * Enigmail failed to parse it.
>> * The message has been tampered with.
>> * I don't know the key of George W. Bush.
>
> The user should understand "for some reason, the key is unusable".
> Which is exactly correct. The user doesn't need to know more than that.
> If the key is invalid because it lacks a trusted signature, then put up
> a little button next to it which says "Validate", and have that pop up a
> wizard leading people through the signature process. Whatever.
>
>> Having such generic messages for distinct failure cases makes me feel
>> like having Windoz on my computer: "The following error occurred:
>> unknown error."
>
> The difference is that 'unknown error' gives absolutely no help for how
> to remedy the problem. 'The key is invalid' gives quite a lot of help:
> it tells you the problem is with the key and, if the problem is it needs
> a trust signature, it puts up a little button allowing you to remedy the
> problem right there.
>
>> I would rather add detailed instructions to the Help menu of OpenPGP
>> or perhaps more detailed messages:
>
> You don't want detailed messages in a summary description. You want
> summaries in the summary description. Detailed messages are for help
> files, not to be displayed on the screen with every message displayed.
>
--
Rev. LeRoy D. Cressy mailto:leroy at lrcressy.com /\_/\
http://lrcressy.com ( o.o )
Phone: 215-535-4037 > ^ <
gpg fingerprint: 62DE 6CAB CEE1 B1B3 359A 81D8 3FEF E6DA 8501 AFEA
For info on enigmail: http://lrcressy.com/linux/mozilla.pdf
For info on gpg: http://www.gnupg.org/
Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
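The three tiers Hansen defines above (good, valid, trusted), as an added example that is not part of this thread or of Enigmail's own code: it maps the lines gpg writes on --status-fd during verification, plus the ownertrust column of a --with-colons keyring listing, onto those tiers and a short summary of the kind he argues for. All key ids, fingerprints and user ids are constructed, and treating only TRUST_FULLY/TRUST_ULTIMATE as "validated" (marginal as not) is an assumption.

```python
# Constructed samples of gpg's --status-fd output for one verified message.
STATUS_GOOD_VALID_UNTRUSTED = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Snidely Whiplash <snidely@example.org>
[GNUPG:] VALIDSIG 89ABCDEF0123456789ABCDEF0123456789ABCDEF 2007-12-11 1197413811 0 4 0 1 8 00 89ABCDEF0123456789ABCDEF0123456789ABCDEF
[GNUPG:] TRUST_FULLY
"""
STATUS_BAD = "[GNUPG:] NEWSIG\n[GNUPG:] BADSIG 0123456789ABCDEF Snidely Whiplash <snidely@example.org>\n"
STATUS_NO_KEY = "[GNUPG:] NEWSIG\n[GNUPG:] ERRSIG FEDCBA9876543210 1 8 00 1197413811 9\n[GNUPG:] NO_PUBKEY FEDCBA9876543210\n"

# Constructed `gpg --with-colons` listing: field 2 is the key's validity,
# field 9 the ownertrust the user assigned (n = never, f = full, u = ultimate).
KEYRING_COLONS = """\
pub:f:1024:17:0123456789ABCDEF:2007-01-01:::n:::scESC:
uid:f::::2007-01-01::DEADBEEF::Snidely Whiplash <snidely@example.org>:
"""

VALIDATED_LEVELS = ("TRUST_FULLY", "TRUST_ULTIMATE")   # assumption: marginal is not "validated"
TRUSTED_OWNERTRUST = ("f", "u")

def ownertrust(colons, keyid):
    """Ownertrust letter for keyid from a --with-colons listing, or None if absent."""
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] == "pub" and f[4].endswith(keyid):   # field 5 = key id, field 9 = ownertrust
            return f[8]
    return None

def classify(status, colons):
    """Return (good, valid, trusted, summary) for one signature, per Hansen's definitions."""
    tags = {}
    for line in status.splitlines():
        parts = line.split()
        if parts and parts[0] == "[GNUPG:]":
            tags[parts[1]] = parts[2:]
    if "BADSIG" in tags:                      # hash/signature transformation failed
        return (False, False, False, "bad signature: the message does not match its signature")
    if "GOODSIG" not in tags:                 # ERRSIG, NO_PUBKEY, etc.: nothing could be checked
        return (False, False, False, "unverifiable: for some reason the key is unusable")
    keyid = tags["GOODSIG"][0]
    if not any(level in tags for level in VALIDATED_LEVELS):
        return (True, False, False, "good signature from a key you have not validated")
    if ownertrust(colons, keyid) not in TRUSTED_OWNERTRUST:
        return (True, True, False, "good signature from a validated key whose owner you do not trust")
    return (True, True, True, "good signature from a validated, trusted key")
```

The Snidely Whiplash case from the thread is the third outcome: good and valid, yet untrusted, because the key is fully valid but its ownertrust is "n".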