> I'm actually concerned that none of this is
> relevant without a major UI overhaul that requires user transcription
> (or at least copy/paste from some other source) instead of user
> comparison.  Transcription requires active participation *in order to
> get to the activity that they want to do*, instead of just "click yes to
> confirm", or any sort of after-the-fact steps (which will probably never
> get taken).
>
> I like the idea of trying to run such a study.  I'm also interested in
> studies that compare specific interaction modes against one another,
> though.  A tool that says "you can't send person X an encrypted e-mail
> until you have typed or pasted or QR-scanned their fingerprint" (which
> is remembered by your mail user agent thereafter for future sessions) is
> radically different than one that says "is this fingerprint correct for
> this person?"
>
> Is it possible that a good, usable tool could avoid ever showing
> fingerprints (or parts of fingerprints) of unverified keys, to ensure
> that the user has to actively confirm them from some external source?

I read this as two different proposals:

(A)  Users aren't able to communicate unless they enter each other's
public-key fingerprint.  That wouldn't work for a general
communication tool, as the high entropy of fingerprints makes them
awkward to handle, and the extra security of a manual fingerprint
check isn't needed for many conversations.  A tool that required this
would be rejected by most users.

(B)  If the user chooses to check a fingerprint, the tool presents an
"entry" UI instead of a "display" UI.  I think I can compare strings
faster than I can transcribe them (particularly on a phone or tablet),
so a tool that forced me to enter it would be annoying, IMO.
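
The "entry" interaction discussed in this thread, sketched as an added example (not code from either poster or from any mail client): the tool holds the fetched key's fingerprint but never displays it, and unlocks encrypted sending only after the user types or pastes a full match. The `EntryGate` class, its method names, the sample fingerprint and the 40-hex-digit fingerprint length are assumptions made for illustration.

```python
import hmac
import re
from typing import Optional

FPR_HEX_LEN = 40  # assumption: 160-bit fingerprint written as 40 hex digits
# Constructed sample value, not a real key's fingerprint.
SAMPLE_FPR = "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"


def normalize(entered: str) -> Optional[str]:
    """Drop spaces, colons and a 0x prefix; None unless a full fingerprint remains."""
    s = re.sub(r"[\s:]", "", entered).lower()
    if s.startswith("0x"):
        s = s[2:]
    if len(s) != FPR_HEX_LEN or not re.fullmatch(r"[0-9a-f]+", s):
        return None  # partial entries (e.g. a short key ID) are rejected
    return s


class EntryGate:
    """Hypothetical per-contact store: a key is usable only after fingerprint entry."""

    def __init__(self):
        self._candidate = {}  # contact -> fingerprint of the fetched, unverified key
        self._verified = {}   # contact -> fingerprint the user confirmed by entry

    def add_unverified_key(self, contact: str, fingerprint: str) -> None:
        self._candidate[contact] = normalize(fingerprint)
        self._verified.pop(contact, None)  # a replaced key needs a fresh entry

    def confirm_by_entry(self, contact: str, entered: str) -> bool:
        """True only on an exact, full-length match. The candidate value is never
        returned or echoed, so there is nothing on screen to compare against."""
        expected = self._candidate.get(contact)
        got = normalize(entered)
        if expected is None or got is None:
            return False
        if not hmac.compare_digest(expected, got):
            return False
        self._verified[contact] = expected  # remembered for future sessions
        return True

    def can_send_encrypted(self, contact: str) -> bool:
        verified = self._verified.get(contact)
        return verified is not None and verified == self._candidate.get(contact)
```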


