search

mailpile / Mailpile

A free & open modern, fast email client with user-friendly encryption and privacy features
https://mailpile.is
Other
8.81k stars 1.01k forks source link

Update crypto icons on messages as per ModernPGP spec #772

Closed bnvk closed 1 year ago

bnvk commented 10 years ago

At the recent crypto usability conference I attended in SF, we had a PGP working group session at the EFF afterwards, the outcome is a repo working towards standardizing UI aspects of PGP such as display of icons and QR code use.

After roundtable discussion & debates with Peter Eckersley of EFF, @dschuermann from Open Keychain, and @lukele @SteveBell @Mento of GPG Tools- a consensus was reached about how to best unify icon + color use across all 3 projects. The differences of notes from Mailpile's current implementation is:

The working draft + icon image files is at: https://github.com/ModernPGP/icons

smari commented 10 years ago

Awesome!

I'm not sure I like the idea of no icon, because it's good to always have a place to glance and always be able to see what you expect when you do so...

Brennan Novak notifications@github.com wrote:

At the recent crypto usability conference I attended in SF, we had a PGP working group session at the EFF afterwards, the outcome is a repo working towards standardizing UI aspects of PGP such as display of icons and QR code use.

After roundtable discussion & debates with Peter Eckersley of EFF, @dschuermann from Open Keychain, and @lukele @SteveBell @Mento of GPG Tools- a consensus was reached about how to best unify icon + color use across all 3 projects. The differences of notes from Mailpile's current implementation is:

  • Don't display to user when PGP signature has the "error" state as it's programatic error and not helpful to the user in any way
  • The former "error" icon will be used for "unknown" state
  • The former "unknown" icon will be used for "unverified" state
  • Do not display icons on messages with "no encryption" or "no signature" as it will make the presence of icons for other states that much more noticeable while making the UI cleaner when not needed.

The working draft + icon image files is at: https://github.com/ModernPGP/icons

Reply to this email directly or view it on GitHub: https://github.com/pagekite/Mailpile/issues/772

Sent using Mailpile, Free Software from www.mailpile.is

bnvk commented 10 years ago

@smari I know what you mean about the absence of something making people unaware of it perhaps. The thinking of the group re: to "no icon" is modeling it after browser bar SSL, when not browsing the web securely, there is no indicator of such, the security states only appear when there is some security (green lock / orange alert icon). Additionally, most secure text message apps like Telegram, Text Secure only show a lock for encrypted messages, right?

smari commented 10 years ago

The version of Textsecure I'm using shows an unlocked lock icon when sending not encrypted messages, although it shows blank for received messages that weren't encrypted.

Brennan Novak notifications@github.com wrote:

@smari I know what you mean about the absence of something making people unaware of it perhaps. The thinking of the group re: to "no icon" is modeling it after browser bar SSL, when not browsing the web securely, there is no indicator of such, the security states only appear when there is some security (green lock / orange alert icon). Additionally, most secure text message apps like Telegram, Text Secure only show a lock for encrypted messages, right?

Reply to this email directly or view it on GitHub: https://github.com/pagekite/Mailpile/issues/772#issuecomment-48908828

Sent using Mailpile, Free Software from www.mailpile.is

bnvk commented 10 years ago

@smari interesting, I think I was mentally comparing the "received" unencrypted and assuming that was for unencrypted sending as well- not a TextSecure user yet... iOS :/

To be clear, I'm not talking about ditching the "gray unlocked" icon in the composer- there it functions as a button as well as UI signaling about the message state. The ModernPGP decision was JUST regarding on each individual message!

dschuermann commented 10 years ago

Exactly like @brennannovak said. Textsecure shows no icon on plaintext messages, as seen with the first message here: https://lh4.ggpht.com/GtN_lg9Iu-BY0lmdVS9I_s0BrwKO11HbNrz32ilFJBGRx_wDm0ru6IQ6m5ig4WS5sw=h900 So Textsecure also follows the same pattern as Browsers and our proposal. Currently we are only talking about the indicator icon for received messages.