[OTR-users] Re: OTR-users digest, Vol 1 #63 - 3 msgs

[Ryan B. Gould]

i like the third option (to be able to
hide all that stuff.  as far as i am
concerned security should be made
transparent.  it should be made easy.
trying to explain the concepts of keys
(fingerprints) to my sixty-year-old
father is a conversation i do not wish
to have again.

so, yes, an auto-accept checkbox would
be fantastic.

at the same time, as nikita said, the
simple in-conversation message telling
you that you are secure is also very
nice.

i cant tell you how much i appreciate
this OTR stuff.  it makes the world
a better place.

thanks ian, and co..

> So what would people think about this:
>
> - When you receive a new fingerprint, you're notified of this fact  
> (with
>   a dialog box), but it's automatically accepted right away.  [Noting
>   that approximately everyone just clicks "OK" anyway, this doesn't
>   change the usual behaviour.]
>
> - If you *don't* want to accept the fingerprint, you'd have to  
> delete it
>   from your "known fingerprints" list.  Like today, I don't intend for
>   there to be a "known bad fingerprints" list.  [Another option  
> would be
>   for the above dialog to continue to have "accept / not accept"
>   buttons, and clicking the latter would cause the fingerprint to be
>   deleted from the known fingerprints list (it would have been  
> added the
>   moment the dialog popped up).]
>
> - The "private connection established" dialog goes away (or is made
>   optional), but the fingerprint and secure session id that are in  
> there
>   now must still be accessible somehow (clicking the "OTR: Private"
>   button, maybe?).
>