But our users know what GnuPG is, and they would, we assume,
trust it without any prompting from us.

As a guy who's been supporting users in communications security issues since 1991, please forgive me for sharing some very hard-earned wisdom.

Never assume anything about your clients. If something is important enough to affect how they communicate, don't assume: ask.

I am too embarrassed to tell you how long it took me to learn that. Please consider learning from my error.

(we also don't want to tell them: install XYZ on your
computer if you want to be able to use what we sent you.

You're already doing that. My MacBook didn't come with GnuPG installed. I had to do that myself. If you have a workflow dependency on GnuPG, you are insisting your users install it.

Attachment: OpenPGP_0x1E7A94D4E87F91D5.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to