[Gajim-devel] Crypto authentication UI

Brendan Taylor whateley at gmail.com
Fri Jun 13 02:32:59 CEST 2008

We've got two different end-to-end encryption methods and at least one
more on the way (not to mention XTLS, which looks like it's going to
be the new officially-blessed e2ee XEP...)

It would be nice to have a consistent way of telling the user whether
they've authenticated the remote user's identity.

The Esessions implementation pops up a dialog before it lets you chat if
you haven't verified the remote user's identity.
It's not a very good interface.

I like the way OTR did it; it tells you in the ChatControl whether
you've verified identity or not, but doesn't interrupt anything. There's
a menu item that pops up a dialog if you want to do a verification.

My suggestion: If you're in an encrypted chat but you haven't verified
the identity, overlay a big red question mark on the encryption lock
icon in the ChatControl and put a tooltip on it explaining the problem.
Clicking on the question mark pops up a verification dialog (specific to
whatever end-to-end encryption protocol you're using).

Good idea? Does it make the potential problem obvious enough to the user?
Is there a better symbol/place to put the symbol/place to put the button
for the dialog?

How does the OpenPGP code handle an unknown key?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <https://www.lagaule.org/pipermail/gajim-devel/attachments/20080612/3d385b59/attachment.pgp>

More information about the Gajim-devel mailing list