Do there exist cross-platform email handlers following these basic guidelines, based on some very limited experience?

  1. Generate new key at first startup, rather than asking the user if they have an existing key. "Use existing key" could be a button somewhere isolated on the form.
  2. Secure defaults. Just stick with some general recommendations, and let the advanced users (and those who want to shoot themselves in the foot) tweak.
  3. Don't even include completely insecure options, or combinations which are known to be insecure. If it's already broken, it doesn't belong in an end user application.
  4. Display only the text that the user wrote in the text output widget (be it a curses interface, web page or application window). That is, if I

    1. create two emails with identical subject and body,
    2. encrypt and sign one of them, and
    3. send both to myself,

    the subject and body text for both should be identical. PGP metadata is still metadata, so it belongs in other widgets.

  5. Lots of context-sensitive help. For example:
    1. What does it mean to mark a signature as "somewhat trusted"? How is signature trust different from how much I trust the person?
    2. How do I increase the trusted level? For example, if the person is sitting next to me or is on the other side of the globe, what are practical ways to maximize the trusted level of the signature?
    3. Ballpark guesstimates for generating and cracking keys. For example, I'd like a warning if it's going to take 5 days to generate an N bit key, if the resulting key can be cracked by any organization in less than a year, or if the extra metadata is going to take up a megabyte in each tweet-size email.
  6. Simple up-/downloading of keys to common servers.
l0b0
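The separation asked for in point 4 (show only the text the user wrote in the body widget, keep the PGP framing as metadata elsewhere) is mechanical for cleartext-signed mail: the client has to undo the framing defined by the OpenPGP cleartext signature framework (RFC 4880, section 7) before display. The following is an added example in Python and is not code from the question or from any existing mail client; the sample messages, the signature text inside them and the names `SplitMessage` and `split_cleartext_signed` are constructed for this illustration.

```python
"""Separate the text a user wrote from OpenPGP cleartext-signature framing.

Added example (not from the question): a small parser for the cleartext
signature framework of RFC 4880 section 7, so a mail client can show only the
author's text in the body widget and route the "Hash:" headers and the
signature block to a separate metadata widget.
"""
from dataclasses import dataclass, field
from typing import List, Optional

BEGIN_SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


@dataclass
class SplitMessage:
    body: str                                              # text the user wrote
    hash_headers: List[str] = field(default_factory=list)  # e.g. ["SHA256"]
    signature: Optional[str] = None                        # armored block, or None


def split_cleartext_signed(raw: str) -> SplitMessage:
    """Return the user-visible body plus the PGP metadata that framed it.

    Unsigned messages come back unchanged with no metadata. For signed
    messages the dash-escaping ("- " prefixed to lines starting with '-') is
    undone and trailing spaces/tabs are stripped, because RFC 4880 says the
    signer does both before hashing; the displayed text therefore equals the
    text that was actually signed.
    """
    lines = raw.replace("\r\n", "\n").split("\n")
    if not lines or lines[0] != BEGIN_SIGNED:
        return SplitMessage(body=raw)

    # Armor headers ("Hash: ...") run up to the first empty line.
    i = 1
    hashes: List[str] = []
    while i < len(lines) and lines[i] != "":
        name, _, value = lines[i].partition(":")
        if name.strip() == "Hash":
            hashes.extend(h.strip() for h in value.split(","))
        i += 1
    i += 1  # skip the blank line that terminates the header block

    # Cleartext runs until the signature armor begins; the line ending just
    # before the armor is not part of the signed text, so join without it.
    body_lines: List[str] = []
    while i < len(lines) and lines[i] != BEGIN_SIG:
        line = lines[i].rstrip(" \t")
        if line.startswith("- "):
            line = line[2:]  # undo dash-escaping
        body_lines.append(line)
        i += 1
    if i >= len(lines):
        raise ValueError("cleartext signed message has no signature block")

    # Signature block: keep it verbatim for the metadata widget / verifier.
    try:
        end = lines.index(END_SIG, i)
    except ValueError:
        raise ValueError("unterminated PGP signature block") from None
    signature = "\n".join(lines[i:end + 1])

    return SplitMessage(body="\n".join(body_lines),
                        hash_headers=hashes, signature=signature)


def same_visible_text(a: str, b: str) -> bool:
    """True when two messages (signed or not) should render identically."""
    return split_cleartext_signed(a).body == split_cleartext_signed(b).body


# Constructed sample: the same text, once plain and once cleartext-signed.
# The base64 in the signature block is a placeholder, not a real signature.
PLAIN_BODY = "Hi,\n\n- buy milk\n- call Bob\n\n-----\nAlice"
SIGNED_BODY = (
    "-----BEGIN PGP SIGNED MESSAGE-----\n"
    "Hash: SHA256\n"
    "\n"
    "Hi,\n"
    "\n"
    "- - buy milk\n"
    "- - call Bob\n"
    "\n"
    "- -----\n"
    "Alice\n"
    "-----BEGIN PGP SIGNATURE-----\n"
    "\n"
    "placeholderSignatureBase64==\n"
    "=AAAA\n"
    "-----END PGP SIGNATURE-----\n"
)

if __name__ == "__main__":
    split = split_cleartext_signed(SIGNED_BODY)
    print("body widget:\n" + split.body)
    print("\nmetadata widget: hashes=%s\n%s" % (split.hash_headers, split.signature))
    print("\nidentical display:", same_visible_text(PLAIN_BODY, SIGNED_BODY))
```

Two things this makes visible that a client author has to decide on: the signer strips trailing whitespace and drops the line ending before the signature armor, so a plain message with a trailing space (for example the "-- " signature delimiter) will not display byte-identically to its signed twin unless the client normalizes both the same way; and splitting the text off is only a display concern, the signature block still has to be handed to a real OpenPGP implementation for verification before any trust indicator is shown.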