/usr/share/doc/gnupg-doc/GNU_Privacy_Handbook/html/c569.htm is in gnupg-doc 2003.04.06+dak1-1ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>Topics</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
TITLE="The GNU Privacy Handbook"
HREF="book1.htm"><LINK
REL="PREVIOUS"
TITLE="Using GnuPG legally"
HREF="x564.htm"><LINK
REL="NEXT"
TITLE="GNU Free Documentation License"
HREF="a597.htm"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="MODULES"
></A
>Chapter 5. Topics</H1
><P
>This chapter covers miscellaneous topics that do not fit
elsewhere in the user manual.
As topics are added, they may be collected and factored into chapters
that stand on their own.
If you would like to see a particular topic covered, please suggest it.
Even better, volunteer to write a first draft covering your suggested topic!</P
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN574"
>Writing user interfaces</A
></H1
><P
><A
HREF="http://www.cs.cmu.edu/~alma"
TARGET="_top"
>Alma Whitten</A
> and 
<A
HREF="http://www.cs.berkeley.edu/~tygar"
TARGET="_top"
>Doug Tygar</A
> conducted a 
<A
HREF="http://reports-archive.adm.cs.cmu.edu/anon/1998/abstracts/98-155.html"
TARGET="_top"
>study</A
>
of NAI's PGP 5.0 user interface and concluded 
that novice users find PGP confusing and frustrating.
In their human factors study, only four out of twelve test subjects
managed to correctly send encrypted email to their team members, 
and three out of twelve emailed the secret without encryption. 
Furthermore, half of the test subjects had a technical background.</P
><P
>These results are not surprising.
PGP 5.0 has a nice user interface that is excellent if you already
understand how public-key encryption works and are familiar with
the web-of-trust key management model specified by OpenPGP.
Unfortunately, novice users understand neither public-key encryption
nor key management, and the user interface does little to help.</P
><P
>You should certainly read Whitten and Tygar's report if you are writing
a user interface.
It gives specific comments from each of the test subjects, and those
details are enlightening. 
For example, it would appear that many of the subjects believed that a
message being sent to other people should be encrypted to the test
subject's own public key.
Consider it for a minute, and you will see that it is an easy mistake
to make.
In general, novice users have difficulty understanding the different
roles of the public key and private key when using GnuPG.
As a user interface designer, you should try to make it clear at 
all times when one of the two keys is being used.
You could also use wizards or other common GUI techniques for
guiding the user through common tasks, such as key generation, where
extra steps, such as generating a key revocation certificate and 
making a backup, are all but essential for using GnuPG correctly.
Other comments from the paper include the following.
<P
></P
><UL
><LI
><P
>Security is usually a secondary goal; people want to send
email, browse, and so on.  
Do not assume users will be motivated to read manuals or go 
looking for security controls.</P
></LI
><LI
><P
>The security of a networked computer is only as strong as its 
weakest component. 
Users need to be guided to attend to all aspects of their security, 
not left to proceed through random exploration as they might with a 
word processor or a spreadsheet.</P
></LI
><LI
><P
>Consistently use the same terms for the same actions.
Do not alternate between synonyms like "encrypt" and 
"encipher".</P
></LI
><LI
><P
>For inexperienced users, simplify the display. 
Too much information hides the important information.
An initial display configuration could concentrate on giving
the user the correct model of the relationship between public 
and private keys and a clear understanding of the functions 
for acquiring and distributing keys.</P
></LI
></UL
></P
><P
>Designing an effective user interface for key management is even more
difficult.
The OpenPGP web-of-trust model is unfortunately quite obtuse.
For example, the specification imposes three arbitrary trust levels
onto the user: none, marginal, and complete.
All degrees of trust felt by the user must be fit into one of those
three cubbyholes.
The key validation algorithm is also difficult for non-computer scientists
to understand, particularly the notions of "marginals needed" and
"completes needed".
Since the web-of-trust model is well-specified and cannot be changed,
you will have to do your best and design a user interface that helps
to clarify it for the user.
A definite improvement, for example, would be to generate a diagram of how
a key was validated when requested by the user.
Relevant comments from the paper include the following.
<P
></P
><UL
><LI
><P
>Users are likely to be uncertain about how and when to grant access.</P
></LI
><LI
><P
>Place a high priority on making sure users understand their
security well enough to prevent them from making potentially
high-cost mistakes.  
Such mistakes include
accidentally deleting the private key,
accidentally publicizing a key, accidentally revoking a key,
forgetting the pass phrase, and failing to back up the key rings.</P
></LI
></UL
></P
></DIV
></DIV
></BODY
></HTML
>
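The chapter's suggestion to show the user how a key was validated, sketched as an added example; it is not part of the handbook and not GnuPG's implementation. It assumes a simplified rule: a key is valid when signed by you, by `completes_needed` fully trusted valid keys, or by `marginals_needed` marginally trusted valid keys, within `max_depth` steps of your own key. The function names, default values, key names and sample keyring are constructed for illustration.

```python
# Added illustration, not GnuPG code: a simplified web-of-trust validity
# check that records why each key was accepted, for display in a front end.
FULL, MARGINAL = "full", "marginal"

def validate(me, signatures, ownertrust, marginals_needed=3,
             completes_needed=1, max_depth=5):
    """Return {key: (depth, reason)} for every key considered valid.
    signatures: {signed_key: set of signer keys}
    ownertrust: {key: FULL or MARGINAL}; anything else counts as no trust.
    """
    valid = {me: (0, "your own key")}
    for depth in range(1, max_depth + 1):
        newly = {}
        for key, signers in signatures.items():
            if key in valid:
                continue
            good = sorted(s for s in signers if s in valid)  # valid signers only
            full = [s for s in good if ownertrust.get(s) == FULL]
            marg = [s for s in good if ownertrust.get(s) == MARGINAL]
            if me in good:
                newly[key] = (depth, "signed by you")
            elif len(full) >= completes_needed:
                newly[key] = (depth, "fully trusted signers: " + ", ".join(full))
            elif len(marg) >= marginals_needed:
                newly[key] = (depth, "marginally trusted signers: " + ", ".join(marg))
        if not newly:
            break  # nothing new became valid, so further rounds cannot help
        valid.update(newly)
    return valid

def explain(key, valid, signatures, ownertrust, marginals_needed=3,
            completes_needed=1):
    """One line a UI could show when asked how (or why not) a key is valid."""
    if key in valid:
        depth, reason = valid[key]
        return f"{key}: valid, {depth} step(s) from you ({reason})"
    good = [s for s in signatures.get(key, ()) if s in valid]
    full = sum(ownertrust.get(s) == FULL for s in good)
    marg = sum(ownertrust.get(s) == MARGINAL for s in good)
    return (f"{key}: not valid ({full} of {completes_needed} full, "
            f"{marg} of {marginals_needed} marginal signatures)")

# Constructed sample keyring: who signed whose key, and trust in each signer.
SIGS = {"blake": {"alice"}, "chloe": {"alice"}, "dharma": {"blake"},
        "elena": {"chloe", "dharma"}}
TRUST = {"blake": FULL, "chloe": MARGINAL, "dharma": MARGINAL}
if __name__ == "__main__":
    v = validate("alice", SIGS, TRUST)
    print(explain("dharma", v, SIGS, TRUST), explain("elena", v, SIGS, TRUST), sep="\n")
```

For a key that fails validation, the explanation reports how far short of each threshold it falls, which tells the user what is missing rather than only that the key is untrusted.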