> The problem runs deeper than UX in plugins for mail clients.
UX runs deeper than software interfaces.
> Identity and key management is really the underlying issue
Yes, that's a UX issue.
So:
- Get GPG key from Facebook (which has them as part of the standard profile today)
- Say to person: you should contact this person by a means you trust and confirm this is their key (since we don't trust anyone by default).
- Once they click OK, they can now send messages to that person.
Nothing stopping other mainstream sites from adding GPG, it's jus that FB is the only one I know of. Obviously GitHub doesn't count since most people aren't software developers.
Well yeah, that's why I addressed it in the post you're replying to. Offline key confirmation is still the best bet for most people, it's just that people don't use it because they don't use crypto because crypto tools are awful.
UX runs deeper than software interfaces.
> Identity and key management is really the underlying issue
Yes, that's a UX issue.
So:
- Get GPG key from Facebook (which has them as part of the standard profile today)
- Say to person: you should contact this person by a means you trust and confirm this is their key (since we don't trust anyone by default).
- Once they click OK, they can now send messages to that person.
Nothing stopping other mainstream sites from adding GPG, it's jus that FB is the only one I know of. Obviously GitHub doesn't count since most people aren't software developers.