Page MenuHome GnuPG
Create Task
Maniphest T7078

Kleopatra: Add automatic offer of revocation certificate export to the revocation process
Open, Needs TriagePublic
Actions

Description

We could improve UX for revocation by making the revocation related additional tasks more self-explanatory.

After optionally (if a keyserver is configured) offer to upload the revocation, we should then offer to export the certificate. In that dialog window we should explain very shortly what is to be done. like e.g. "Do you want to export the certificate? The exported certificate can then be send to communication partners to inform them about the revocation."

We could possibly only offer the export if no keyserver is configured. Or do it in all cases; maybe a company only uses an LDAP internally and external people get send a file.

See also T7076: Kleopatra: Improvements in the "Revoke Key" window

Details

Version
gpg4win 4.3.1 / vsd 3.2.1

Revisions and Commits

rKLEOPATRA Kleopatra
rKLEOPATRA76d874c487b7 Automatically export certificate after revocation and ask the user to publish it
rKLEOPATRA56f6b5ba6479 Ask the user to publish and/or export the certificate after revocation

Related Objects
Search...

Event Timeline

ebo created this task.Mon, Apr 8, 3:39 PM
TobiasFella added a commit: rKLEOPATRA56f6b5ba6479: Ask the user to publish and/or export the certificate after revocation.Wed, Apr 10, 2:09 PM
TobiasFella claimed this task.Wed, Apr 10, 2:11 PM
TobiasFella moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a comment.Wed, Apr 10, 2:42 PM

I just want to point out that we have explicitly decided to remove confronting the user with five different "What next" options in the certificate creation workflow. One reason is that the choice overwhelms the users because some think they need to do everything. Another reason is that many options were completely wrong for some of our customers. Such workflows are much better documented in company-specific SOPs (standard operation procedures).

I think it's ironic (and wrong) that we now re-introduce confronting the user with exactly the same "helpful suggestions" (publish, export) in another workflow.

Publishing should happen either automatically or via the standard workflow. Same for export, e.g. Kleopatra could automatically export the revoked certificate to a file and tell the user the location.

werner added a subscriber: werner.Thu, Apr 11, 11:15 AM

Revocations are an exceptional task and rarely needed. In this case ("help, help , my key is compromised, what shall I do now?") an extra dialog to help the user is imho appropriate. This different for the key generation process, becuase this needs to be done by every user at least once and thus should be UI-wise as simple as possible.

ebo added a comment.EditedThu, Apr 11, 11:36 AM

That said I think we should then strive to use only one "next" window.

Edit: what I deleted was wrong, we do not offer a keyserver upload currently.

werner added a subtask: T7083: Show revocation reasons also with a standard -k listing.Thu, Apr 11, 11:42 AM
ebo added a comment.Thu, Apr 11, 3:22 PM

Alexander suggested that we could avoid another window by putting check boxes in the revocation window for automatically uploading to the configured keyserver and creating a public key export with the revocation. That could then be configurable via the registry on windows, so that companies could adapt that according to their SOP.

ikloecker added a comment.Mon, Apr 15, 1:45 PM

I like the suggestion to add a checkbox for the upload. That's also in line with certification which is very similar to revocation.

Regarding the public key export I still think that we should just do it and tell the user the location of the file (I think the Documents folder is suitable) in the success message. It's one decision less for the user to make. In any case we should perform a minimal export.

TobiasFella added a comment.Tue, Apr 16, 10:03 AM

I'd propose that we could:

  • Always export the certificate and tell the user in the success dialog
  • Have an extra button in the success dialog allowing the user to upload the certificate.

That way, we don't have any extra dialogs. The user might still click through all dialogs without reading anything, but I'm not sure how we could prevent that

ikloecker added a comment.Tue, Apr 16, 10:24 AM

+1 for Tobias proposal

TobiasFella added a commit: rKLEOPATRA76d874c487b7: Automatically export certificate after revocation and ask the user to publish it.Thu, Apr 18, 11:03 AM
alexk added a subscriber: alexk.Thu, Apr 18, 5:41 PM