<<< Date Index >>>     <<< Thread Index >>>

Re: Security issue / bad UI design in mutt CVS (encryption options)



On Sat, Aug 07, 2004 at 05:12:34AM +0200, Adeodato Simó wrote:
> * Derek Martin [Sat, 07 Aug 2004 06:17:48 +0900]:
> > Now that I know where to look, I /would/ re-hack up my patch to
> > include all the items it originally did which yours doesn't,
> 
>   well, that's a separate issue. 

It's not a separate issue in my eyes...  The menu is (IMNSHO) badly 
designed, and my patch (IMNSHO) fixes all of the problems associated
with it.

> the specific issue we are talking about, and for which there seems
> to be some agreement (among the ones who talked, though) is just the
> toggleness of the crypt options.

If you mean to say that YOU are talking about, and that YOU agree
with, then fair enough.  If you mean to suggest that there isn't any
agreement with me on the other points, then I'll have to point out
that there most definitely is:

  http://marc.theaimsgroup.com/?l=mutt-dev&m=103669252300336&w=2
  http://marc.theaimsgroup.com/?l=mutt-users&m=109177951323557&w=2
  http://marc.theaimsgroup.com/?l=mutt-dev&m=109178509904738&w=2
  http://marc.theaimsgroup.com/?l=mutt-dev&m=103558942218811&w=2
  http://marc.theaimsgroup.com/?l=mutt-dev&m=103669337201469&w=2
  http://marc.theaimsgroup.com/?l=mutt-dev&m=103671276428228&w=2

And of course the bug reports themselves:

  http://bugs.guug.de/db/10/1022.html
  http://bugs.guug.de/db/15/1579.html
  http://bugs.guug.de/db/16/1608.html
  http://bugs.guug.de/db/18/1870.html                                           

Some relevant excerpts follow.  My favorite is the first one (i.e. the
first link above, since I include his text unattributed -- it was cut
and pasted from the web archives). That's because it's from Michael
Elkins, which in my mind lends it a certain weight (though no one
seems to have agreed with me up to now)...

>Derek Martin wrote:
> > I wrote a patch against Mutt 1.4 that:
> > 
> >  - makes (e)ncrypt set options only to encrypt
> >  - makes (s)ign set options only to sign
> >  - changes "(f)orget it" to (what I think is) the more concise and
> >    sensible (c)lear
> >  - makes (e)ncrypt set options only to encrypt
> > 
> > The primary purpose of the patch is to save keystrokes...  Without
> > this patch, if you want to go from "sign, encrypt" to only one or
> > the other, you must first "(f)orget it", and then select whichever
> > you want.  There's no really good reason for the extra keystrokes;
> > hence the patch.
> > 
> > I also find the "(f)orget it" is neither intuitive, nor concise,
> > and that (c)lear is a better alternative, being both more concise,
> > and more descriptive of what the option actually does.  So I
> > changed it.
> 
> This makes a lot of sense to me.  However, I would like to get other
> people's opinion on this.
  

On Fri, Aug 06, 2004 at 10:04:49AM +0200, Magnus Therning wrote:
[SNIP]
> I have to say I agree 100% percent with Derek. The menu should be made
> clearer. 
[SNIP]
> I would be in favour of having the following menu (almost straight
> copy from below, (c)lear rather then (f)orget):
> 
>   (e) ONLY encrypt the message (i.e. change the options to only
>       encrypt, regardless of what they currently are).
>   (s) ONLY sign the message, regardless of current options.
>   (a) change the key with which to sign, adding the sign option if
>       necessary
>   (b) do both, regardless of current options
>   (i) toggle in-line attachments (but change menu to indicate toggle)
>   (c) clear the encryption options


On Fri, Aug 06, 2004 at 06:37:24PM +0900, TAKAHASHI Tamotsu wrote:
> On Fri, Aug 06, 2004 at 03:04:18PM +0900, Derek Martin wrote:
> 
> > Given the options presented, the most obvious interpretation of what
> > they do is:
[SNIP my interpretation of the menu]
> 
> Yes, that's what I guessed at the first time.
> I thought that the choices "(b)oth" and "(f)orget-it" indicated
> that the other options were simply to overwrite my selection.
> Moreover, toggling is a really dangerous behaviour.
> Even if they have to toggle,
> PGP: Toggle (e)ncrypt, (s)ign or (i)nline, or choose a uid to sign (a)s?
> is sufficient. (72 columns)
> 
> And yes, "plain text" or "clear" is better than "(f)orget-it."
[SNIP]
> Anyway the current behaviour is quite misleading.


-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.

Attachment: pgplAVOSNnQZR.pgp
Description: PGP signature