[Nottingham] nonplussed (digital signing)

Jason Irwin jasonirwin73 at gmail.com
Wed Mar 21 16:29:58 UTC 2012


On 21/03/12 16:10, david at gbenet.com wrote:
> All you have to do is use a nice GUI like GPA or Kgpg - and not to get too hung up with
> all the stuff that goes on.

I don't want to drag this out further, but when a dialog appears asking
for a passphrase/password with a title
that does not immediately bear any resemblance to the operation in
question (GPG signing) then that is a major problem in my book.  I would
fail this during QA.

> The real focus should be on your keys and importing other
> people's keys.

Hence web of trust, the need for some kind of CA etc. I understand that.

> A few years back people got a lot of emails from david at gbenet.com - but they
> had no digital signature - and thus family and friends were much relieved to know that these
> junk emails were not from me.

Don't get me wrong, I like the idea of signing/encrypting emails to
improve validity and privacy.  My current annoyance is the
implementation.  It may be technically brilliant under-the-hood, but
from a basic usability and UI viewpoint it is simply dreadful.  We try
and teach users to be circumspect about requests for passwords etc., and
here we have a key application to ensure privacy that goes under about
five different names.  Within one operation!

> Many governments around the world ban the use of public key encryption - even the UK
> government is trying to control it and in the USA.

Yes, RIPA.  And possibly other legislation.

> (Buy a gun) Ha! Ha! Ha!

Nah, use a blade.  They're quieter and don't need re-loading.

-- 
Jason Irwin


