Subject: Re: BPG call for use cases
To: Thor Lancelot Simon <tls@rek.tjls.com>
From: Curt Sampson <cjs@cynic.net>
List: tech-security
Date: 07/22/2005 11:12:10
On Thu, 21 Jul 2005, Thor Lancelot Simon wrote:

> In general, a reasonable design method for security applications intended
> to be used by non-experts is to ask, first "what tasks are users likely
> to do" but then, as an essential second step, to ask, "how are users
> likely to do those tasks wrong?"  Then design the system so that there
> is a reasonable "right way" as the default, while the "wrong way" requires
> expert knowledge to do, if it's even possible at all.

My thought on the matter is, first, create a user interface which as
transparently as possible models what's going on inside. In other words,
at least at the base level, you shouldn't be generating a pair of keys
and an identity with one command at all; you should be specifying:

     1. Create a primary key using a given algorithm, key size, expiry
        date, etc.
     2. Create an encryption key using given algorithm, etc., and sign
        it with that primary key.
     3. Create an identity and sign it with that primary key.

After that, you might want a way to script certain of these things
to make it easier to do this kind of stuff in one step. But there,
I'm not really sure. I think a better option would be a good piece of
documentation that walks users through this, step by step, so that as
they create their first keys and identities, and sign things, they begin
to understand what's really going on, so that they have a better basis
from which to make security decisions, when they have to do that.

BTW, I'd be very interested in your ideas on how one should store keys
(the keyring) and trust information, and use the trust information.

cjs
-- 
Curt Sampson  <cjs@cynic.net>   +81 90 7737 2974   http://www.NetBSD.org
      Make up enjoying your city life...produced by BIC CAMERA
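The three steps listed above, modelled in Go as an added example (this is not BPG's code nor any code from the thread): a toy keyring in which the primary key signs the encryption subkey's binding and certifies the identity, and a reader verifies both under the primary public key before trusting either. It uses stdlib Ed25519 and X25519 rather than OpenPGP's packet format, and the Keyring type, the "subkey:"/"uid:" domain prefixes and the signed-data layout are assumptions constructed for this example.

```go
package main
import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
)

// Keyring is a toy model (constructed here, not OpenPGP's packet format) of the three-step structure.
type Keyring struct {
	Primary    ed25519.PrivateKey
	EncPub     *ecdh.PublicKey // encryption subkey (its private half is not needed here)
	EncBinding []byte          // primary's signature over "subkey:" || primary pub || EncPub
	Identity   string
	IdentSig   []byte // primary's signature over "uid:" || primary pub || Identity
}

// signed: domain prefix (so a subkey binding can't pass as an identity certification) || primary pub || subject.
func signed(prefix string, kr *Keyring, subject []byte) []byte {
	return append(append([]byte(prefix), kr.Primary.Public().(ed25519.PublicKey)...), subject...)
}

// Step 1: create the primary key.
func NewPrimary() (*Keyring, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	return &Keyring{Primary: priv}, err
}

// Step 2: create an encryption key and sign it with the primary key.
func (kr *Keyring) AddEncryptionKey() error {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	kr.EncPub = priv.PublicKey()
	kr.EncBinding = ed25519.Sign(kr.Primary, signed("subkey:", kr, kr.EncPub.Bytes()))
	return nil
}

// Step 3: create an identity and sign it with the primary key.
func (kr *Keyring) AddIdentity(id string) {
	kr.Identity = id
	kr.IdentSig = ed25519.Sign(kr.Primary, signed("uid:", kr, []byte(id)))
}

// Verify is what a reader does before trusting the subkey or identity: both must check out.
func (kr *Keyring) Verify() bool {
	pub := kr.Primary.Public().(ed25519.PublicKey)
	return ed25519.Verify(pub, signed("subkey:", kr, kr.EncPub.Bytes()), kr.EncBinding) &&
		ed25519.Verify(pub, signed("uid:", kr, []byte(kr.Identity)), kr.IdentSig)
}
```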