[Enigmail] one-and-only-chances to config
Robert J. Hansen
rjh at sixdemonbag.org
Thu Jan 1 23:40:01 PST 2009

George Schoelles wrote:
> <Rant> I, as many here, started using PGP back in the command-line
> versions,

I started in 1992. There are likely a few here who can go back all the
way to 1991, when it all began.

> learned the switches and felt fairly secure. Now along comes a
> graphical interface that can poke most anything into this secure
> sphere and we are OK with that?

_Yes._

When I was taking my graduate HCI (Human Computer Interactions) courses,
my professor -- a great guy named Juan-Pablo Hourcade -- spent a week
covering an airplane crash that killed a great many people. The
official cause of the crash was pilot error: there were absolutely no
mechanical problems with the aircraft when it crashed.

However, the cockpit instrumentation was badly designed. Information
was spread out over too many panels. The pilot and co-pilot each were
able to, by their own instruments, get a partial picture of the
situation. If either had known what the other's instruments were
reading, they would've known they were in trouble and would have avoided
the mountain they ultimately crashed into. But the cockpit was poorly
laid out, and they didn't have ready access to each other's information,
and quite a large number of people died... because of bad user interface.

There are a great many other examples in the literature. Medical
radiation machines that are prone to fatal misconfigurations due to
confusingly laid out screens, for instance. Or blood bags which use
fonts in which blood type A looks a lot like blood type B. Or... etc., etc.

User interface is important. People who insist "the command line is
good enough for me!" are the same people who advocate for analog
switches and dials in cockpits instead of all-glass cockpits and
multifunction displays.

The GUI is a godsend to user interface because it holds the promise of
being able to convey a lot of information very quickly and in a way
which tremendously enhances the individual's ability to respond easily,
effectively, and quickly.

Our job is to provide a good GUI... which is quite a hard task.

> Take a moment to truly understand PGP, key generation, ciphers and
> what public and private keys are and their use.

If by "moment" you mean "complete a strong undergraduate Computer
Science degree, with some postgraduate work in mathematics," then sure.
That's a lot more moments than most people have the time for.

OpenPGP has a learning curve like the freaking Matterhorn. It is not
user friendly; it is user sociopathic. Most security protocols are this
way, in fact -- as bad as the OpenPGP spec is, the X.509 and IPsec
protocols are worse. But X.509 users aren't expected to understand the
ins and outs of X.509 to make use of X.509. IPsec users aren't expected
to understand the ins and outs of IPsec. Hundreds of millions of people
use TCP each day, and perhaps 10,000 worldwide could actually sketch out
from memory a TCP header and draw out a handshake sequence.

End users should not need to be protocol wonks in order to use a
protocol safely and effectively. Bang, period, end of sentence. We
don't demand it from any other protocol; why should we demand it of
OpenPGP users?