But our users know what GnuPG is, and they would, we assume, trust it without any prompting from us.
As a guy who's been supporting users in communications security issues since 1991, please forgive me for sharing some very hard-earned wisdom.
Never assume anything about your clients. If something is important enough to affect how they communicate, don't assume: ask.
I am too embarrassed to tell you how long it took me to learn that. Please consider learning from my error.
(we also don't want to tell them: install XYZ on your computer if you want to be able to use what we sent you.
You're already doing that. My MacBook didn't come with GnuPG installed. I had to do that myself. If you have a workflow dependency on GnuPG, you are insisting your users install it.
OpenPGP_0x1E7A94D4E87F91D5.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users