[OTR-dev] daemon-only?
John W Noerenberg II
jwn2 at ucsd.edu
Thu Feb 7 01:21:18 EST 2008
At 9:55 PM -0800 2/6/08, Alex Black wrote:
>---------------------------------------------
>[][][]
>---------------------------------------------
>[ Do you want to accept an incoming key
>[ from user (blah?)
>[
>[ [ Deny ] [ Accept ]
>---------------------------------------------
It can't be quite this simple, because there has to be a means to
defend against the possible MITM attack. Also, there are
circumstances when one can legitimately generate more than one key.
As a UI designer, you have to consider how to minimize confusion for
the users in those situations.
There also have to be mechanisms to indicate when a session is
private and when it is exposed.
>The rest of the UI (active sessions, etc) is superfluous.
Much of what I see in the UI is an attempt to deal with these issues
I've outlined above. That doesn't necessarily mean I think think
it's a well-executed design. ;-)
More information about the OTR-dev
mailing list