Re: Security issue / bad UI design in mutt CVS (encryption options)
On Fri, Aug 06, 2004 at 03:04:18PM +0900, Derek Martin wrote:
> Given the options presented, the most obvious interpretation of what
> they do is:
>
> (e) ONLY encrypt the message (i.e. change the options to only
> encrypt, regardless of what they currently are).
> (s) ONLY sign the message, regardless of current options.
> (a) change the key with which to sign, adding the sign option if
> necessary
> (b) do both, regardless of current options
> (i) toggle in-line attachments (but change menu to indicate toggle)
> (f) clear the encryption options

Yes, that's what I guessed at the first time.
I thought that the choices "(b)oth" and "(f)orget-it" indicated
that the other options were simply to overwrite my selection.

Moreover, toggling is a really dangerous behaviour.
Even if they have to toggle,

    PGP: Toggle (e)ncrypt, (s)ign or (i)nline, or choose a uid to sign (a)s?

is sufficient. (72 columns)

And yes, "plain text" or "clear" is better than "(f)orget-it."

Ideas:

    PGP (e)ncrypt, (s)ign, (b)oth or (c)lear? Or (a)nother signer or toggle-(i)nline?
    (81 columns)

    PGP (e)ncrypt/(s)ign/(b)oth/(p)lain? (c)hoose-signer/toggle-(i)nline?
    (69 columns)

Anyway the current behaviour is quite misleading.

> I also want to encourage other list members to provide feedback about
> this issue.
Thanks. I agree that this is a security issue.
(not as seriously as you, though)
--
tamo
// I'm using db4-header-cache with no problem so far.