what's necessary before new OpenPGP keys are used?

Ben Bucksch ben.bucksch at beonex.com
Thu Dec 5 23:23:18 UTC 2019

On 05.12.19 20:42, Kai Engert wrote:
> Alice is given a chance to realize "why am I asked to confirm this? I 
> didn't have to do this before? Oh right, I'm on that new computer. I 
> should verify if I have the right keys. Maybe I should call Bob to 
> verify the key, or have a look on that old laptop if the keys are the 
> same." 

You're thinking of yourself and other nerds. Normal users don't have 
these thoughts. Average Alice thinks:

"What's this strange message? Key? What? The one for my car? Which key? 
How am I supposed to know whether it's the right one?"

If you say "You should call Bob to verify", she thinks: "Yeah, right. 
That's the whole point of email, right? That I have to call people, 
right? Stupid stuff! Leave me alone already! I just want to write an 
email. I have my heating overcharge bills to worry about and my stupid 
room mate, and I don't have time for this nonsense. Where do I have to 
click for this to go away?"

More information about the tb-planning mailing list