Subject: Re: BPG call for use cases
To: Manuel Freire <firstname.lastname@example.org>
From: Thor Lancelot Simon <email@example.com>
Date: 07/21/2005 09:17:50
On Thu, Jul 21, 2005 at 11:32:14AM +0200, Manuel Freire wrote:
> we're looking for use cases that would be nice to add to BPG. We'd like
> to know your opinion about which features would you like to be included.
> The current use cases list can be read here:
One thing that should be improved over GnuPG is the generation and
management of common key types. GnuPG has a special hack to simultaneously
make signing and encryption keys for its default key type -- 1024 bit DSA
and ElGamal -- but actually arranging to both sign and encrypt with RSA
keys requires knowledge and care. If you're not very careful, you can
end up creating an RSA encryption key attached to a 1024-bit DSA key, which
is almost certainly not what you want, and not as secure either.
In general, a reasonable design method for security applications intended
to be used by non-experts is to ask, first "what tasks are users likely
to do" but then, as an essential second step, to ask, "how are users
likely to do those tasks wrong?" Then design the system so that there
is a reasonable "right way" as the default, while the "wrong way" requires
expert knowledge to do, if it's even possible at all.
In the specific example I gave above, that means that if you generate a
signing key, you should by default generate an encryption subkey of the
same type and length. It is not difficult, by examining the use of
GnuPG for many common tasks, to find other cases in which there is
significant room for user-interface improvement that will increase the
security of day-to-day use by real users.