On Thu, 24 Jul 2008, Keith Moore wrote:
Tony Finch wrote:
Not if you store the settings that you negotiated the first time
(ssh-style "leap of faith") and allow the user to check the stored
settings.
It seems to me that this defeats the purpose as the whole point of this kind
of "security negotiation" (or most of the point, anyway) is to keep the user
from needing to be aware of such details.
At the moment they have to manually type the details into dialog boxes, so
they are forced to be aware of them. With my design, the MUA fills in the
dialog boxes and users can pay as much or as little attention to them as
they wish. "Allow" does not mean "require". Auto-configuration does not
imply keeping users in the dark.
Tony.
--
f.anthony.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
SOUTHEAST ICELAND: SOUTHERLY BACKING EASTERLY, 4 OR 5, OCCASIONALLY 6 LATER IN
WEST. MODERATE OR ROUGH. FOG PATCHES. MODERATE OR GOOD, OCCASIONALLY VERY
POOR.