On Sat, Mar 02, 2019 at 10:09:32AM -0500, Barry Leiba wrote:
> > > > My idea of an ideal end-state for hop-by-hop security for e-mail is
> > > > that:
> > >
> > > See, this is why we often say that IETF folks should not generally try
> > > to design UI things:
> >
> > What on Earth made you choose to be so condescending here?  Do I not get
> > to express my personal preferences?
> 
> I'm sorry.  I didn't mean to condescend, and please accept my apology
> for having worded it badly.

Thanks.

UI design isn't easy, but *we*, IETF participants, cannot say that we
know so little about it that we won't even begin to discuss UI design.

I think it would be irresponsible for us to not consider UI issues and
design at all.

It would also be irresponsible (this must have been your point) to not
recognize our limitations here and seek help from domain experts.

Our publication process involves reviews and iteration precisely so we
can fine-tune such things.

> > How about a response to the substantive parts of my post?
> 
> The only part I was addressing was the suggestion of prominent UI
> indications, which I do not think is a good thing for the reasons I've
> said: Almost all users will not understand at all what the indications
> mean, and many will understand incorrectly to the point of being
> misinformed by them.

So, the UI details can vary.  E.g.,

 - The default might be that inbound email delivered with unacceptable
   security options gets bounced.  This is for users like my mom.

 - A non-default option might be that inbound email delivered with
   unacceptable security options gets bounced and yet also delivered to
   an "insecure" or spam folder.  This is for users like me.

 - Yet another non-default option might be that inbound email delivered
   with unacceptable security options gets delivered anyways and some
   less-obvious-than-an-insecure-mailfolder UI indicator (the sort you
   were objecting to) gets set.  This is also for users like me.

Email is insecure today.  There's no path to a flag-day cutover to a
universe where email is secure.  Having no UI indicators of any kind is
not going to work for a migration to secure-by-default email.

Like it or not, we *do* have UI indicators of this sort for email today.
Things like spam folders.  Or Gmail's warnings about suspicious emails.

I don't think we're ready to not have any such indicators.  Not on the
web, and not for email.

Even on the web, we might be removing or de-emphasizing the lock icon,
but still you get the "something went wrong" page with a not-easy-to-
notice "I know what I'm doing, let me see it anyways" button a few
clicks away.

Nico
-- 

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
