[Nottingham] nonplussed (digital signing)
Jason Irwin
jasonirwin73 at gmail.com
Wed Mar 21 16:29:58 UTC 2012
On 21/03/12 16:10, david at gbenet.com wrote:
> All you have to do is use a nice GUI like GPA or Kgpg - and not to get too hung up with
> all the stuff that goes on.
I don't want to drag this out further, but when a dialog appears asking
for a passphrase/password with a title that does not immediately bear
any resemblance to the operation in question (GPG signing) then that is
a major problem in my book. I would fail this during QA.
> The real focus should be on your keys and importing other
> people's keys.
Hence web of trust, the need for some kind of CA etc. I understand that.
> A few years back people got a lot of emails from david at gbenet.com - but they
> had no digital signature - and thus family and friends were much relieved to know that these
> junk emails were not from me.
Don't get me wrong, I like the idea of signing/encrypting emails to
improve validity and privacy. My current annoyance is the
implementation. It may be technically brilliant under-the-hood, but
from a basic usability and UI viewpoint it is simply dreadful. We try
and teach users to be circumspect about requests for passwords etc, and
here we have a key application to ensure privacy that goes under about
five different names. Within one operation!
> Many governments around the world ban the use of public key encryption - even the UK
> government is trying to control it and in the USA.
Yes, RIPA. And possibly other legislation.
> (Buy a gun) Ha! Ha! Ha!
Nah, use a blade. They're quieter and don't need re-loading.
--
Jason Irwin