[OTR-users] Opinions on proposed "unknown fingerprint" behaviour?
Ian Goldberg
ian at cypherpunks.ca
Thu May 19 15:55:58 EDT 2005
The largest usability issue with OTR right now seems to me to be what
happens when you try to talk to someone for the first time. Each side
having to actively accept the other's fingerprint leads to all sorts of
weird behaviours when one side accepts, and then starts typing before
the other side accepts. [Len's bug #1198389 is related to this, as
well.] There's also been call for removing the "Private connection
established" dialog completely.
So what would people think about this:
- When you receive a new fingerprint, you're notified of this fact (with
a dialog box), but it's automatically accepted right away. [Noting
that approximately everyone just clicks "OK" anyway, this doesn't
change the usual behaviour.]
- If you *don't* want to accept the fingerprint, you'd have to delete it
from your "known fingerprints" list. Like today, I don't intend for
there to be a "known bad fingerprints" list. [Another option would be
for the above dialog to continue to have "accept / not accept"
buttons, and clicking the latter would cause the fingerprint to be
deleted from the known fingerprints list (it would have been added the
moment the dialog popped up).]
- The "private connection established" dialog goes away (or is made
optional), but the fingerprint and secure session id that are in there
now must still be accessible somehow (clicking the "OTR: Private"
button, maybe?).
So, comments?
Thanks,
- Ian
More information about the OTR-users
mailing list