what's necessary before new OpenPGP keys are used?

Ben Bucksch ben.bucksch at beonex.com
Fri Dec 6 07:08:19 UTC 2019

On 06.12.19 07:13, Kai Engert wrote:
> On 06.12.19 00:23, Ben Bucksch wrote:
>> You're thinking of yourself and other nerds. Normal users don't have 
>> these thoughts. Average Alice thinks:
>> "What's this strange message? Key? What? The one for my car? Which 
>> key? How am I supposed to know whether it's the right one?"
>> If you say "You should call Bob to verify", she thinks: "Yeah, right. 
>> That's the whole point of email, right? That I have to call people, 
>> right? Stupid stuff! Leave me alone already! I just want to write an 
>> email. I have my heating overcharge bills to worry about and my 
>> stupid roommate, and I don't have time for this nonsense. Where do I 
>> have to click for this to go away?"
> The challenge is to develop a UI that works for everyone. A UI that 
> gives advanced users control, while not hindering users who don't want 
> to deal with the details of email encryption.
> It sounds like you don't believe we could accomplish that.
> Let's not give up before we've tried.

I believe we can. I just think that nagging (for normal situations like 
new communication partners) is going to lose the average user. So, drop 
the questions for normal usage.

Advanced users can enable the extra nagging by toggling a pref.

The only nagging that is really important is when a key *changes*. 
That's the dangerous situation, and we should be alerting there.

But if we had been annoying them for mundane issues before, they won't 
listen for the important alerts, either.

