Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. GnuPG>
  3. gpa
GPA development
jan at intevation
Jun 20, 2000, 10:00 AM
Post #1 of 17 (8578 views)
Permalink
Dear all,

we (Bernhard Reiter and myself) have done a short user interface
evalutation of gpa in the current state (CVS 20000620).
This included a comparision with geheimnis and seahorse.
In the following we will discuss some of the results and suggest
a way on how to continue development up to the Linux 2000 conference.

We gave some thoughts about what is actually required
in a typical life with gpg.


a) Keyring management and the management of files management are largely
different tasks. They should be divided into separate tools.

The keyring management is the actual core of a Gnu Privacy Assistant.
It can be called from other modules such as the MUAs.
The mangement of files should be done in the filebrowsers of the window
system you are using. Just as the MUA plug-ins handle the email part.

Note that this might be very difficult in practice.



b) The keyring management dialog should transparently show
all important information in one window.
The interaction with this dialog needs to be more flat, i.e.
less nested dialog windows. Popping up a window for each key is too
much.

One level that can be omitted is the key editor where only
two further information are offered: fingerprint and signatures.
All other information and all actions are already available in
the key ring editor dialog. The two items can be added
in a comfortable way into the key ring editor dialog.

c) key ring editor (towards an application of its own):
1. Menu offering the actions currently available as buttons
(to have them still available via keyboard).
2. Toolbar instead of buttons with nice icons (only
the most common actions).
3. Nice icons in the list e.g. for the trust levels (is supported
by gtk clist).
4. Option to select columns of list to sort by the selected column.
5. Show who the user is (secret key owner or default secret key).
6. Show a nice counter/clock to give a visual impression on the
remaining time of passphrase validity.
7. Automatically disable those buttons that do not make sense
in a specific selection state.

d) Help for novice users:
1. If no gpg is found: tell the user precisely what he/she needs
to do.
2. If no keyring is found: explain precisely the situation and guide
the user through the generation of his/her first key.
3. If a file with an unknown signature is detected, tell the user
precisely what this means and provide or guid through
options to find the corresponding public key and insert
them into the keyring.


So what can we do in the next few days?

I think, we can primarily address the key ring editor and realize some
of the c.n ideas, perhaps not c.6.

d) whould be very nice for Peter's presentation at the LinuxTag,
but I am not sure that it can be established in the short time.
Nonetheless it is what new users are very interested in.

We need the following icons for sure:

general:
Sign
Encrypt
Decrypt

trust levels:
Unknown
don't trust
trust marginally
fully trust

there are many more that we will need, but I am yet not
sure which operation/status we should associated with icons -
certainly it does not make sense to invent an icon for any
operation/status.

My question is now: should I just start working on improvements
as described above and see how far I get until LinuxTag 2000
and should I commit all changes in Exp branch (when they compile
and are stable)?

Cheers

Jan

--
Jan-Oliver Wagner http://intevation.de/~jan/

Intevation GmbH http://intevation.de/
FreeGIS http://freegis.org/
Re: GPA development [ In reply to ]
wk at gnupg
Jun 20, 2000, 11:24 PM
Post #2 of 17 (8520 views)
Permalink
Hi,

On Tue, 20 Jun 2000, Jan-Oliver Wagner wrote:

> a) Keyring management and the management of files management are largely
> different tasks. They should be divided into separate tools.

Agreed - however it should also work as a standalone tool.

> Note that this might be very difficult in practice.

:-)

> b) The keyring management dialog should transparently show
> all important information in one window.

Not all - Did you read the Whitten report on the PGP GUI.
One important thing is still missing: An option (which is enabled by
default) to suppress most information - the standard mode; the other
information should only be shown in expert mode.

> 6. Show a nice counter/clock to give a visual impression on the
> remaining time of passphrase validity.

I don't understand this. There is no such concept of a passphrase
validity.

> d) Help for novice users:

All are very important.

> So what can we do in the next few days?

I don't know - I will be away from all computing equipment from
tomorrow to Monday morning.

> trust levels:
> Unknown
> don't trust
> trust marginally
> fully trust

Please don't mix up the trust level and the key validity:
I prefer to say "assigned owner trust" for the 4 leveles you give.
They are parameters needed to calcualte the validity of a key - the
answer on the question "how far do you trust the owner of this key to
correctly sign other keys and whether she understands all the
implications" [quite long question and not easy for the user].

For the calculated validity (sometimes also called trut in GnuPG :-()
there should be only 2 values:

o Key is valid
o Key is NOT valid

The use of the term "valid" has been proposed by some folks who
regulary do courses on PGP and this should make it much easier for a
user to understand what this mesag is about (who understands what:
"The key is marginally trusted"? - replace it by the key is NOT
valid).

> and should I commit all changes in Exp branch (when they compile
> and are stable)?

Sure.

Werner


--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@OpenIT.de
D-40233 Duesseldorf http://www.OpenIT.de
Re: GPA development [ In reply to ]
bernhard at intevation
Jun 21, 2000, 1:34 AM
Post #3 of 17 (8519 views)
Permalink
On Wed, Jun 21, 2000 at 08:24:42AM +0200, Werner Koch wrote:
> On Tue, 20 Jun 2000, Jan-Oliver Wagner wrote:
>
> > a) Keyring management and the management of files management are largely
> > different tasks. They should be divided into separate tools.
>
> Agreed - however it should also work as a standalone tool.

That would make one standalone tool for the file management, basically
reimplementing a filebrowser again to be really useful. But you are
right we might need it as an interim solution.

> > Note that this might be very difficult in practice.
> :-)
(This was related to writing plug-in for the filebrowsers on major
platforms.) But the design concept has to be there. Maybe filebrowser
developers will help if they know in detail what functionality they have
to provide.

> > b) The keyring management dialog should transparently show
> > all important information in one window.
>
> Not all - Did you read the Whitten report on the PGP GUI.
> One important thing is still missing: An option (which is enabled by
> default) to suppress most information - the standard mode; the other
> information should only be shown in expert mode.

True. May I should have written: Only the (most) important information.
But it should show it at once, the way it is done now with all the
windows is very cumbersome from a usability perspective.

> > 6. Show a nice counter/clock to give a visual impression on the
> > remaining time of passphrase validity.
>
> I don't understand this. There is no such concept of a passphrase
> validity.

Maybe time of passphrase in memory would be the right expression.
If people start using encryption a lot, they do not want to enter their
passphrase each single time they operate. So we should think about a
place on where to store the passphrase. As we cannot assure secure
connections between plug-ins(MUA and filebrowser) and the main gpa,
each of these applications might need to hold a passphrase for a certain
time. This situation still needs more thinking and engineering.


> > d) Help for novice users:
> All are very important.
>
> > So what can we do in the next few days?
>
> I don't know - I will be away from all computing equipment from
> tomorrow to Monday morning.

We all are on the testing crew, too.

> > trust levels:
> > Unknown
> > don't trust
> > trust marginally
> > fully trust
>
> Please don't mix up the trust level and the key validity:
> I prefer to say "assigned owner trust" for the 4 leveles you give.
> They are parameters needed to calcualte the validity of a key - the
> answer on the question "how far do you trust the owner of this key to
> correctly sign other keys and whether she understands all the
> implications" [quite long question and not easy for the user].
>
> For the calculated validity (sometimes also called trut in GnuPG :-()
> there should be only 2 values:
>
> o Key is valid
> o Key is NOT valid

This is the best concept.
One fundamentally flaw is, that people need to learn about
the trust concept. Otherwise they will not be able to use GPG in a
useful manner in the future. This is a main concept. We cannot hide it
completly. Maybe we should go with at least three different
possibilities so that user start top think about what happens.

We probably do not have time to fully integrate this within the few days
to LinuxTag. So we should add something like color or simple icons
to the owner trust levels and key validity.

>
> The use of the term "valid" has been proposed by some folks who
> regulary do courses on PGP and this should make it much easier for a
> user to understand what this mesag is about (who understands what:
> "The key is marginally trusted"? - replace it by the key is NOT
> valid).

Bernhard

--
Professional Service around Free Software (intevation.net)
The FreeGIS Project (freegis.org)
Association for a Free Informational Infrastructure (ffii.org)
Re: GPA development [ In reply to ]
jan at intevation
Jun 21, 2000, 2:22 AM
Post #4 of 17 (8524 views)
Permalink
On Wed, Jun 21, 2000 at 08:24:42AM +0200, Werner Koch wrote:
> > a) Keyring management and the management of files management are largely
> > different tasks. They should be divided into separate tools.
>
> Agreed - however it should also work as a standalone tool.

OK.

> > b) The keyring management dialog should transparently show
> > all important information in one window.
>
> Not all - Did you read the Whitten report on the PGP GUI.
> One important thing is still missing: An option (which is enabled by
> default) to suppress most information - the standard mode; the other
> information should only be shown in expert mode.

Yes, a expert/novice dual mode concept. I reagrd it quite useful with
gpa as well.

> > 6. Show a nice counter/clock to give a visual impression on the
> > remaining time of passphrase validity.
>
> I don't understand this. There is no such concept of a passphrase
> validity.

oh sorry, my comment was a bit confusing. I just meant the remaining time
a password is still kept when typed in once. The mutt has this option as well.

Jan

--
Jan-Oliver Wagner http://intevation.de/~jan/

Intevation GmbH http://intevation.de/
FreeGIS http://freegis.org/
Re: GPA development [ In reply to ]
peter at gerwinski
Jun 22, 2000, 7:29 AM
Post #5 of 17 (8518 views)
Permalink
Bernhard Reiter wrote:
> (This was related to writing plug-in for the filebrowsers on major
> platforms.) But the design concept has to be there. Maybe filebrowser
> developers will help if they know in detail what functionality they have
> to provide.

IIRC, file browsers have documented interfaces for such
plug-ins, don't they?

> > > b) The keyring management dialog should transparently show
> > > all important information in one window.
> >
> > Not all - Did you read the Whitten report on the PGP GUI.
> > One important thing is still missing: An option (which is enabled by
> > default) to suppress most information - the standard mode; the other
> > information should only be shown in expert mode.
>
> True. May I should have written: Only the (most) important information.
> But it should show it at once, the way it is done now with all the
> windows is very cumbersome from a usability perspective.

I have my problems with the concepts of "user levels". IMHO the
display of each information should be configurable separately.
In addition, we can provide ready-made profiles for novice,
intermediate, and expert users, but for the real[TM] expert,
customization is most important.

Peter
--
(_G-N-U_) Dr. rer. nat. Peter Gerwinski <peter.gerwinski@g-n-u.de>
o o G-N-U GmbH, EDV-Dienstleistungen, http://www.g-n-u.de
Re: GPA development [ In reply to ]
peter at gerwinski
Jun 22, 2000, 7:49 AM
Post #6 of 17 (8518 views)
Permalink
Jan-Oliver Wagner wrote:
>
> b) The keyring management dialog should transparently show
> all important information in one window.
> The interaction with this dialog needs to be more flat, i.e.
> less nested dialog windows. Popping up a window for each key is too
> much.

There must be space for several user IDs and lots of signatures
for each key. Instead of placing them in separate windows you
would favour having two more lists in the public key ring
editor, displaying the signatures and user IDs of the currently
selected key? And an additional line for the fingerprint?

I am not sure which approach is more confusing.

> 3. Nice icons in the list e.g. for the trust levels (is supported
> by gtk clist).

Which sort of icons do you mean? I can imagine that bars or
pie charts can visualize owner trust, but I'd vote against e.g.
faces which do not show a clear order.

> 6. Show a nice counter/clock to give a visual impression on the
> remaining time of passphrase validity.

If someone sees a countdown, he might tend to hurry up to stay
in time - which may lead to errors. Since the result of
"missing the date" is harmless but the effect of an error
induced by hurrying up may be desasterous, I am not sure whether
this is a good idea.

> 7. Automatically disable those buttons that do not make sense
> in a specific selection state.

Agreed (in this point and most others).

> I think, we can primarily address the key ring editor and realize some
> of the c.n ideas, perhaps not c.6.

Replacing the buttons by a menu - if we agree on that - _might_
be possible in this short time. I will try ...

> d) whould be very nice for Peter's presentation at the LinuxTag,
> but I am not sure that it can be established in the short time.
> Nonetheless it is what new users are very interested in.

We have some pop-up boxes that only(?) need to be filled with
contents ...

Any chance for internationalization?

> We need the following icons for sure:
>
> general:
> Sign

My idea: A pen, signing a document.

> Encrypt
> Decrypt

My idea: An arrow indicates that something is being put into
(or taken out of) a letter envelope.

> trust levels:
> Unknown
> don't trust
> trust marginally
> fully trust

My idea: Abstract icons indicating a clear order. (See above.)

> My question is now: should I just start working on improvements
> as described above and see how far I get until LinuxTag 2000
> and should I commit all changes in Exp branch (when they compile
> and are stable)?

I'd like to come to a consensus concerning buttons vs. menus
first, but in any other respect - IMHO, of course (-: Be welcome
to go on.

Peter
--
(_G-N-U_) Dr. rer. nat. Peter Gerwinski <peter.gerwinski@g-n-u.de>
o o G-N-U GmbH, EDV-Dienstleistungen, http://www.g-n-u.de
Re: GPA development [ In reply to ]
jan at intevation
Jun 22, 2000, 7:59 AM
Post #7 of 17 (8526 views)
Permalink
On Thu, Jun 22, 2000 at 04:49:30PM +0200, Peter Gerwinski wrote:
> Jan-Oliver Wagner wrote:
> > 3. Nice icons in the list e.g. for the trust levels (is supported
> > by gtk clist).
>
> Which sort of icons do you mean? I can imagine that bars or
> pie charts can visualize owner trust, but I'd vote against e.g.
> faces which do not show a clear order.

> > trust levels:
> > Unknown
> > don't trust
> > trust marginally
> > fully trust
>
> My idea: Abstract icons indicating a clear order. (See above.)

How about this:

unknown ?
dont trust thumb down
marginally thumb vertical
fully thumb up

This just a clear order though not abstracted. We get in trouble when
there will be more than 4 trust levels.

Jan

--
Jan-Oliver Wagner http://intevation.de/~jan/

Intevation GmbH http://intevation.de/
FreeGIS http://freegis.org/
Re: GPA development [ In reply to ]
peter at gerwinski
Jun 22, 2000, 8:06 AM
Post #8 of 17 (8520 views)
Permalink
Jan-Oliver Wagner wrote:
>
> > > trust levels:
> > > Unknown
> > > don't trust
> > > trust marginally
> > > fully trust
> >
> > My idea: Abstract icons indicating a clear order. (See above.)
>
> How about this:
>
> unknown ?
> dont trust thumb down
> marginally thumb vertical

You mean: thumb horizontal?

> fully thumb up
>
> This just a clear order though not abstracted.

I could live with that. But:

This is about how far you trust in another human. This question
is a very serious one. (Therefore we do not show the ownertrust
in the public key ring editor by default.) The meaning of these
trust levels must never be misunderstood.

For instance, I have a friend whom I really trust in many
respects, but he is completely unexperienced in computers.
Emotionally, I would "have to" assign him a "thumb up".
However the correct assignment would be an emotion-neutral
"trust marginally".

> We get in trouble when
> there will be more than 4 trust levels.

AFAIK, there will not be.

Peter
--
(_G-N-U_) Dr. rer. nat. Peter Gerwinski <peter.gerwinski@g-n-u.de>
o o G-N-U GmbH, EDV-Dienstleistungen, http://www.g-n-u.de
Re: GPA development - icons for trust level [ In reply to ]
jan at intevation
Jun 22, 2000, 8:54 AM
Post #9 of 17 (8521 views)
Permalink
On Thu, Jun 22, 2000 at 05:06:55PM +0200, Peter Gerwinski wrote:
> Jan-Oliver Wagner wrote:
> > marginally thumb vertical
>
> You mean: thumb horizontal?

Yes of course :-)

> This is about how far you trust in another human. This question
> is a very serious one. (Therefore we do not show the ownertrust
> in the public key ring editor by default.) The meaning of these
> trust levels must never be misunderstood.

OK.

> For instance, I have a friend whom I really trust in many
> respects, but he is completely unexperienced in computers.
> Emotionally, I would "have to" assign him a "thumb up".
> However the correct assignment would be an emotion-neutral
> "trust marginally".

This must be part of the help-text.

> > We get in trouble when
> > there will be more than 4 trust levels.
>
> AFAIK, there will not be.

So we'll go for the thumbs?

To my mind we should apply the same icons
to the trust levels for owner _and_ for keys.

Are there any reasons why this should not be done?

Jan

--
Jan-Oliver Wagner http://intevation.de/~jan/

Intevation GmbH http://intevation.de/
FreeGIS http://freegis.org/
Re: GPA development [ In reply to ]
bernhard at intevation
Jun 23, 2000, 7:16 AM
Post #10 of 17 (8525 views)
Permalink
On Thu, Jun 22, 2000 at 04:29:45PM +0200, Peter Gerwinski wrote:
> Bernhard Reiter wrote:
> > (This was related to writing plug-in for the filebrowsers on major
> > platforms.) But the design concept has to be there. Maybe filebrowser
> > developers will help if they know in detail what functionality they have
> > to provide.
>
> IIRC, file browsers have documented interfaces for such
> plug-ins, don't they?

:)

It might need some work to add it to a filebrowser in a useful way.

> > > > b) The keyring management dialog should transparently show
> > > > all important information in one window.
> > >
> > > Not all - Did you read the Whitten report on the PGP GUI.
> > > One important thing is still missing: An option (which is enabled by
> > > default) to suppress most information - the standard mode; the other
> > > information should only be shown in expert mode.
> >
> > True. May I should have written: Only the (most) important information.
> > But it should show it at once, the way it is done now with all the
> > windows is very cumbersome from a usability perspective.
>
> I have my problems with the concepts of "user levels". IMHO the
> display of each information should be configurable separately.
> In addition, we can provide ready-made profiles for novice,
> intermediate, and expert users, but for the real[TM] expert,
> customization is most important.

I am not completely sure about that statement.
Sometimes less configuration possibilities are better and even suit the
experts.

Bernhard
--
Professional Service around Free Software (intevation.net)
The FreeGIS Project (freegis.org)
Association for a Free Informational Infrastructure (ffii.org)
Re: GPA development [ In reply to ]
wk at gnupg
Jun 26, 2000, 1:23 AM
Post #11 of 17 (8514 views)
Permalink
On Thu, 22 Jun 2000, Peter Gerwinski wrote:

> In addition, we can provide ready-made profiles for novice,
> intermediate, and expert users, but for the real[TM] expert,
> customization is most important.

Real experts prefer the command line :-)

Werner


--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@OpenIT.de
D-40233 Duesseldorf http://www.OpenIT.de
Re: GPA development [ In reply to ]
wk at gnupg
Jun 26, 2000, 1:31 AM
Post #12 of 17 (8515 views)
Permalink
On Thu, 22 Jun 2000, Jan-Oliver Wagner wrote:

> unknown ?
> dont trust thumb down
> marginally thumb vertical
> fully thumb up

That is okay. Make the thumb down red.

Werner

--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@OpenIT.de
D-40233 Duesseldorf http://www.OpenIT.de
Re: GPA development [ In reply to ]
wk at gnupg
Jun 26, 2000, 1:33 AM
Post #13 of 17 (8518 views)
Permalink
On Thu, 22 Jun 2000, Peter Gerwinski wrote:

> For instance, I have a friend whom I really trust in many
> respects, but he is completely unexperienced in computers.
> Emotionally, I would "have to" assign him a "thumb up".
> However the correct assignment would be an emotion-neutral
> "trust marginally".

In most cases it is better to leave it as unknown.

Werner


--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@OpenIT.de
D-40233 Duesseldorf http://www.OpenIT.de
Re: GPA development - icons for trust level [ In reply to ]
wk at gnupg
Jun 26, 2000, 1:37 AM
Post #14 of 17 (8534 views)
Permalink
On Thu, 22 Jun 2000, Jan-Oliver Wagner wrote:

> So we'll go for the thumbs?

Okay.

> To my mind we should apply the same icons
> to the trust levels for owner _and_ for keys.

These are 2 totally different things. For the validity of a key
(what is calculated based on the key signatures and the ownertrusts)
2 levels are needed:

key is KNOWN
key is UNKNOWN.

At least this is suggested for the English version of PGP based on
help desk experience with _many_ users.

Werner

--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@OpenIT.de
D-40233 Duesseldorf http://www.OpenIT.de
Re: GPA development - icons for trust level [ In reply to ]
jan at intevation
Jun 26, 2000, 2:52 AM
Post #15 of 17 (8534 views)
Permalink
On Mon, Jun 26, 2000 at 10:37:31AM +0200, Werner Koch wrote:
> On Thu, 22 Jun 2000, Jan-Oliver Wagner wrote:
> > To my mind we should apply the same icons
> > to the trust levels for owner _and_ for keys.
>
> These are 2 totally different things. For the validity of a key
> (what is calculated based on the key signatures and the ownertrusts)
> 2 levels are needed:
>
> key is KNOWN
> key is UNKNOWN.

currently gpa applies the same trust levels for both, owner and key trust.
You mean to replace the 4 levels by the two levels 'known','unknown' for the
key trust?

However, still the thumb up/down icons can be applied. I think
we should not use other icons for the key trust than the ones
for the owner trust.

Jan


--
Jan-Oliver Wagner http://intevation.de/~jan/

Intevation GmbH http://intevation.de/
FreeGIS http://freegis.org/
Re: GPA development - icons for trust level [ In reply to ]
peter at gerwinski
Jun 26, 2000, 3:01 AM
Post #16 of 17 (8520 views)
Permalink
Jan-Oliver Wagner wrote:
> >
> > key is KNOWN
> > key is UNKNOWN.

You mean: TRUSTED vs. UNTRUSTED (or: KNOWN/UNKNOWN to belong to its owner).

> currently gpa applies the same trust levels for both, owner and key trust.
> You mean to replace the 4 levels by the two levels 'known','unknown' for the
> key trust?

Yes, AFAICS.

> However, still the thumb up/down icons can be applied. I think
> we should not use other icons for the key trust than the ones
> for the owner trust.

I think that these should be separated because both are different
things: Owner trust reflects my personal opinion about other humans
and is _assigned_. Key trust is a property of a thing (the key) and
is _calculated_ (from the owner trust values and other data).

What about a red/green traffic light to show the key trust?
While the thumb belongs to a human (a human says in how far he
trusts in another human), the traffic light is a machine (a machine
calculates in how far some electronic data may be trusted).

Peter
Re: GPA development - icons for trust level [ In reply to ]
peter at gerwinski
Jun 26, 2000, 3:13 AM
Post #17 of 17 (8520 views)
Permalink
Werner Koch wrote:
>
> key is KNOWN
> key is UNKNOWN.
>
> At least this is suggested for the English version of PGP based on
> help desk experience with _many_ users.

Ah - sorry for possible confusion with my last email.
Now I understand why "KNOWN" and "UNKNOWN" are useful termini.

Peter

--
http://home.pages.de/~Peter.Gerwinski/ - G-N-U GmbH: http://www.g-n-u.de
Maintainer GNU Pascal - http://home.pages.de/~GNU-Pascal/ - gpc-19990118
GnuPG key fingerprint: 9E7C 0FC4 8A62 5536 1730 A932 9834 65DB 2143 9422
keys: ftp://ftp.gerwinski.de/pub/keys/ - AntiSpam: http://spam.abuse.net

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal