[Gnuk-users] Admin less mode (opt-out possible)

[NIIBE Yutaka]

Hello,

Jan Suhr | Nitrokey <jan at nitrokey.com> wrote:
> I think the only appropriate place would be the "GUI" of GnuPG.

Perhaps.

If it is so important, your company can directly/indirectly contribute
to the GUI and/or usability around GnuPG.

It sounds unfair for me to keep asking to Gnuk development, for overall
usability.

Isn't it the issue of your product support, I wonder.

It is true that software is so flexible to implement many things, and it
is true, we can change Gnuk based on users' usability request.  But Gnuk
has a set of important security decisions.  Changing an important
security design decision, because of bad GUI or bad manual, bad support,
... can't be justified.

> Currently, because users don't know it, it causes more trouble to our
> users than it helps.

Please let users know how Gnuk works.  And most importantly,
please let users know it is Gnuk behind the scene for your product.


> Consequently a compile option (e.g. configure --no-admin-less-mode)
> would help us to prevent such trouble for our users.

That's just complicate things more.  Distributors should let users
know it is compiled with --no-admin-less-mode or not.


			*	*	*

I don't repeat same argument for: "Conditions of use not satisfied"

I'm sad, you don't remember the past discussion.  It was _you_ who
requested the feature of "overriding import", while I explained the
technical reasons, security concerns, and impact of introducing the
feature.

I understand that your priority on usability is good for your customers.

Usability can be improved without decreasing security.


If it is so easy to introduce some change just for usability to crypto
implementation without considering an impact on security, that could be
an effective attack vector.
--