Mirrors
/
open-keychain
mirror of https://github.com/open-keychain/open-keychain.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Destroyed OpenPGP Simplifications (markdown)

Dominik Schürmann 2015-03-15 15:36:40 +01:00
parent 338fe28b81
commit 18e9e076b5
1 changed files with 0 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
OpenPGP-Simplifications.md

@ -1,28 +0,0 @@
### Thesis
* OpenPGP is over-engineered
* Web of Trust has failed
* nobody understands tsigs
* nobody understands different trust levels
### Solution
* Identities **are** certified or **not**
* Alternately, trust is probabilistic. Keys have associated metadata which a potential user may examine to help in deciding whether to use them. Web-of-trust and Keybase-style "proof" data could be included here, and it seems likely that other flavors of such metadata are likely to arrive.
* Hide Web-of-Trust
# Fingerprints and key IDs
* Don't prefix "0x", average users do not understand this
* handle key IDs like telephone numers
* no monospace for key IDs (do you use monospace on telephone numbers? no)
* Key IDs lower case to better differentiate numbers and letters
* Don't show key ids? (https://www.debian-administration.org/users/dkg/weblog/105)
# Key creation
## User ID comments
Considered harmful, so only in advanced key edit.
See https://www.debian-administration.org/users/dkg/weblog/97
## Password meters
* ["How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation."](https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final209.pdf)
* "Does my password go up to eleven?: the impact of password meters on password selection"