Date: Thu, 14 Mar 2002 02:02:07 -0800
From: Will Price
X-Mailer: Mozilla 4.78 [en] (Windows NT 5.0; U)
To: pgp-users@cryptorights.org
Subject: Re: [PGP-USERS] KM-GUI
Reply-To: pgp-users@cryptorights.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dave Del Torto wrote:

> Amusing. This reminds me: I hope the next GUI for PGP Key
> Management will improve dramatically on what we've had to date.
> PGPkeys, while arguably a better evolution than most attempts, is
> IMHO a model for how not to do KM.

Yes, I've been saying that for over 3 years. We went through a massive planning process to redesign the entire GUI representation for PGP in June 2000. It was truly beautiful, and we had some really exciting work beginning to take shape. The plans were cancelled in September 2000 when the last regime took over. The only things we were allowed to do since that time are basically items that met two criteria: (1) large corporations had asked for it explicitly, and (2) it could be done quickly so that we could make revenue sooner.

Unfortunately, such directives make it almost impossible to innovate. Large customers don't know what they need. They want "security", and they want little things like their exchange server user IDs to get automatically added during key generations. Finding a large customer (because, of course, only large customers matter, right? .... right? ;-) ) with the ability to really understand this stuff such that they could have the vision for the big picture was not going to happen.

So, the "customer is always right" philosophy became effectively the downfall of innovation because the customer was too confused simply to say "this is too hard to use, redesign the GUI, and then come back." Even if they could say that, a sales person can't communicate that message back to product development. They'll simply move to the next customer who isn't demanding such massive changes.

> For users, crypto should appear[..]

The people who need to know what to build, and know how, do know what to build. The problem is arranging for that to happen now that NAI has bailed.

> So, I look at the current situation as a marvelous opportunity to
> re-think how to do PGP. Lots of people talk quietly of just letting
> NAI's PGP die, and I understand their frustration with the lack of
> user input on the process (not to mention corporate stonewalling
> and disinformation), but we've definitely learned a few things over
> the last ten years of making mistakes, so if we can just get some
> user-friendly people to build the next generation of PGP, we may
> finally get a few things right... or at least make some new
> mistakes this time.

I'll admit, the concept of "let's start from scratch" is appealing conceptually. It's not so appealing though when you truly understand the scope of the work to do it right. I'll tell you this for sure: it will never happen if we all sit around and wait for volunteer labor to do it. Right now, it's pointless to support a "start from scratch" view because any such effort would not bear fruit for many years.

A similarly pointless view is "let's start with GPG." That's the volunteer labor fallacy again. GPG is polluted by the GPL. For those who back such a view, more power to you. Show me that I'm wrong.

We must all unite behind the idea of rescuing the PGP code. There are all sorts of methods available to fight for this in an honorable way, and I'm not prepared to recommend one at this point. Do you really want to wait until 2003, 2004, or later for a full-blown MacOS X version of PGP when there is such a product already existing on hard drives at NAI (although none of the authors are still there)? Do you really want to wait for full Windows XP compatibility until 2004? There is a solid year of improvements waiting to be released.

Focus on building support for getting PGP out of NAI.
If that doesn't happen, then we are about to descend into the dark ages again when PGP was truly a product only for the expert user. Let's use every method available to rescue PGP first. Then, we can proceed with questions like how the user interface can be made simpler. If all else fails, perhaps a new code base will be the only way to move forward, but let us not accept that fate without taking every possible route to avoid it.

- --
Will Price
Former Director of Engineering, PGP

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1.1

iQA/AwUBPJB0eay7FkvPc+xMEQI0PgCgoUFAGaPbeY7+pEFx0a9k6MltPJwAoJOz
K/S6EA1ElBcMfE0rfFxH47tw
=gTy3
-----END PGP SIGNATURE-----