
Validity, Trust, and the Design of Interfaces - logane
http://www.anishathalye.com/2016/08/21/validity-trust-and-the-design-of-interfaces/
======
teddyh
This is the system used by p≡p:

 _The full set of Privacy Status’ are:_

• _Gray/Unknown/Unsecure/Unreliable Security_

 _Unknown is commonly for outgoing messages where no contact or address has
yet been added to the To, Cc or Bcc fields of an email or message._

 _Unsecure or Unsecure for Some means that p≡p cannot find a way of sending or
receiving the communication with any form of encryption (to all recipients if
Unsecure for Some). This represents the default situation today which, in the
case of email, usually must be considered as “secure” as sending a physical
post card._

 _Unreliable means that p≡p cannot find a way of sending or receiving the
communication reliably. So, for example, the communication could have been
sent using S/MIME. With S/MIME it's known that if one public Certificate
Authority (CA) is subverted then the security of the entire system is lost —
potentially subverting all the entities that trust the compromised CA._

• _Yellow/Secure:_

 _The communication is encrypted using state-of-the-art technology. However,
your communication partner still needs to be trusted by completing a
handshake._

• _Green/Secure & Trusted:_

 _The communication is encrypted using state-of-the-art technology and your
communication partner is trusted. Trust is confirmed with a handshake where,
using a side-channel (e.g. by phone call), communication partners verify they
are each who they say they are and the communication can be fully trusted by
all reasonable means expected from a regular user._

• _Red/Mistrusted, Under Attack:_

 _Mistrusted means that you have previously failed a handshake. You cannot
trust that your communication partner is who they say they are._

 _Under Attack means that either a man-in-the-middle (MITM) attack has to be
assumed or another (serious) cryptographic error occurred. The communication
channel must be considered unsecure and any exchanged information not
private._

