[Enigmail] Proposed policy

Cristian KLEIN cristiklein at gmail.com
Tue Dec 11 09:53:15 PST 2007


2007/12/11, Robert J. Hansen <rjh at sixdemonbag.org>:
[snip]
> Compare:
>
> "UNTRUSTED Good signature from George W. Bush <w at whitehouse.gov>"
>
> "The key 'George W. Bush <w at whitehouse.gov>' is invalid.  The signature
> cannot be checked."
>
> Imagine you're dropping a newbie down in front of those two error
> messages.  Ask them to describe, in their own words, what each sentence
> means.  Which one do you think will be closer to the actual meaning we
> want to convey to them?

I don't like this. Signatures can be bad or valid, trusted or
untrusted. There is a very clear distinction between these two
dimensions. There is a very clear distinction between invalid (i.e.
the message has been tampered with) and untrusted (i.e. I don't know the
trust level of this signature).

What should a user understand from "The key is invalid"?
* Enigmail failed to parse it.
* The message has been tampered with.
* I don't know the key of George W. Bush.

Having such generic messages for distinct failure cases makes me feel
like having Windoz on my computer: "The following error occurred:
unknown error."

I would rather add detailed instructions to the Help menu of OpenPGP
or perhaps more detailed messages:

"UNTRUSTED Good signature from George W. Bush <w at whitehouse.gov>. This
means that the message is correctly signed and the signature matches
the contents, but you haven't seen this signature before. It might
belong to GWB or it might not."

The problem is that Enigmail messages are one line long. I don't know
how such messages would fit in.
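The two dimensions argued for above (is the signature valid, and is the signing key trusted) as an added example that is not Enigmail's or GnuPG's own code: it reads GnuPG status-fd lines (GOODSIG, BADSIG, ERRSIG, NO_PUBKEY and the TRUST_* keywords, which are real GnuPG status keywords) into separate validity and trust values, then builds a distinct one-line message for each case rather than one generic "invalid" message. The sample status output and the key ID in it are constructed, and the exact line format of each keyword is assumed from GnuPG's documented status output.

```python
"""Keep signature validity and key trust as separate dimensions in a verdict."""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Validity(Enum):
    GOOD = "good"      # signature matches the message contents
    BAD = "bad"        # signature does not match: contents altered after signing
    NO_KEY = "no_key"  # signer's public key not available, nothing can be checked
    ERROR = "error"    # GnuPG could not process the signature at all


class Trust(Enum):
    UNKNOWN = "unknown"    # TRUST_UNDEFINED: no trust path to this key
    NEVER = "never"        # TRUST_NEVER: key explicitly marked as not trusted
    MARGINAL = "marginal"  # TRUST_MARGINAL
    FULL = "full"          # TRUST_FULLY
    ULTIMATE = "ultimate"  # TRUST_ULTIMATE


@dataclass
class Verdict:
    validity: Validity
    trust: Optional[Trust]  # only meaningful when validity is GOOD
    user_id: str


_TRUST_KEYWORDS = {
    "TRUST_UNDEFINED": Trust.UNKNOWN,
    "TRUST_NEVER": Trust.NEVER,
    "TRUST_MARGINAL": Trust.MARGINAL,
    "TRUST_FULLY": Trust.FULL,
    "TRUST_ULTIMATE": Trust.ULTIMATE,
}


def parse_status(status_output: str) -> Verdict:
    """Reduce GnuPG '[GNUPG:] KEYWORD ...' lines to (validity, trust, user id)."""
    validity, trust, user_id = Validity.ERROR, None, ""
    for line in status_output.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        parts = line.split(" ", 3)  # ["[GNUPG:]", KEYWORD, first arg, rest]
        keyword = parts[1]
        if keyword == "GOODSIG":
            validity, user_id = Validity.GOOD, parts[3]
        elif keyword == "BADSIG":
            validity, user_id = Validity.BAD, parts[3]
        elif keyword == "NO_PUBKEY":
            validity = Validity.NO_KEY
        elif keyword == "ERRSIG" and validity is not Validity.NO_KEY:
            validity = Validity.ERROR
        elif keyword in _TRUST_KEYWORDS:
            trust = _TRUST_KEYWORDS[keyword]
    return Verdict(validity, trust, user_id)


def summary_line(v: Verdict) -> str:
    """One-line message that names the failing dimension, never a generic 'invalid'."""
    if v.validity is Validity.BAD:
        return f"BAD signature from {v.user_id}: the message was altered after signing."
    if v.validity is Validity.NO_KEY:
        return "Signature could not be checked: the signer's public key is not available."
    if v.validity is Validity.ERROR:
        return "Signature could not be checked: GnuPG reported an error."
    # Validity is GOOD; now report the independent trust dimension.
    if v.trust in (Trust.FULL, Trust.ULTIMATE):
        return f"Good signature from {v.user_id} (trusted key)."
    if v.trust is Trust.NEVER:
        return f"Good signature from {v.user_id} (key marked NOT trusted)."
    return f"UNTRUSTED Good signature from {v.user_id}: the key's owner has not been verified."


# Constructed sample status output (placeholder key ID, not a real key).
SAMPLE_GOOD_UNKNOWN = "\n".join([
    "[GNUPG:] NEWSIG",
    "[GNUPG:] GOODSIG 0123456789ABCDEF George W. Bush <w@whitehouse.gov>",
    "[GNUPG:] TRUST_UNDEFINED 0 pgp",
])
SAMPLE_GOOD_TRUSTED = SAMPLE_GOOD_UNKNOWN.replace("TRUST_UNDEFINED", "TRUST_FULLY")
SAMPLE_BAD = "[GNUPG:] BADSIG 0123456789ABCDEF George W. Bush <w@whitehouse.gov>"
SAMPLE_NO_KEY = "\n".join([
    "[GNUPG:] ERRSIG 0123456789ABCDEF 1 8 00 1197388395 9",
    "[GNUPG:] NO_PUBKEY 0123456789ABCDEF",
])

if __name__ == "__main__":
    for sample in (SAMPLE_GOOD_UNKNOWN, SAMPLE_GOOD_TRUSTED, SAMPLE_BAD, SAMPLE_NO_KEY):
        print(summary_line(parse_status(sample)))
```

The point of the structure is that a bad signature, a missing key and an unverified key owner can never collapse into the same sentence: the first two are validity failures, the last is a trust state on a good signature, and the message text is chosen from the two values separately.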