[Acme] User Experience criteria

Phillip Hallam-Baker <phill@hallambaker.com> Tue, 03 March 2015 00:23 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97CD91A8AEC for <acme@ietfa.amsl.com>; Mon, 2 Mar 2015 16:23:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.423
X-Spam-Level: *
X-Spam-Status: No, score=1.423 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4rSMGCqmbJRI for <acme@ietfa.amsl.com>; Mon, 2 Mar 2015 16:23:56 -0800 (PST)
Received: from mail-la0-x231.google.com (mail-la0-x231.google.com [IPv6:2a00:1450:4010:c03::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F13701A8AF9 for <acme@ietf.org>; Mon, 2 Mar 2015 16:23:13 -0800 (PST)
Received: by labgd6 with SMTP id gd6so34103608lab.7 for <acme@ietf.org>; Mon, 02 Mar 2015 16:23:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:content-type; bh=d5y2KzX0sCSgPfQ26ZmtDZDTMEOV/2pybTFIPmPOrsE=; b=tTaYbcnTtdE7Phi2C/pis4E3+mGZWU5xFUM2n/TjYTwgaW8pYSrAxf0CcJm1ZCZVwr CfvGm65Y1W9i9NnQbGEu9byrJnTMypH1NuhtwSSsSAaL2LpWHmPYN/if/k5GrlOHh6Yp n+WE6tvGIUdJXfGqGQ+bGOQ5839jH/SRJIMb89w+FcgTJtcogyFcBDG7W98BzUO6/bdu ynatTeemt+pkWChILaqRH5FcWJGAiCFZ3JRHGkDcl5f1ddIpp7dYio7q7pLOQSvd1Gjb zIGvxCfLVKYvzHcES1RwRN0W8Y25BT8BQD5MNGXEQ1b+NwfJ6q4leEXV6EBc9Yz4pKpC HARQ==
MIME-Version: 1.0
X-Received: by 10.112.147.66 with SMTP id ti2mr27076280lbb.124.1425342192180; Mon, 02 Mar 2015 16:23:12 -0800 (PST)
Sender: hallam@gmail.com
Received: by 10.113.3.165 with HTTP; Mon, 2 Mar 2015 16:23:11 -0800 (PST)
Date: Mon, 2 Mar 2015 19:23:11 -0500
X-Google-Sender-Auth: -yW9wOKg5sUwIpT7zosqfn4Pcl4
Message-ID: <CAMm+Lwjje+PL3T0Ba1P0Oi4_KihM7PM1S4UUNsATK6CD8Zs75Q@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: "acme@ietf.org" <acme@ietf.org>
Content-Type: multipart/alternative; boundary=047d7b3a86900c65b50510575701
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/UZxq8n9HnzGFpadOAhIcWreBOPc>
Subject: [Acme] User Experience criteria
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Mar 2015 00:23:57 -0000

One of the important features of LetsEncrypt that we must not lose sight of
is the ease of use goal.

99% of the pain involved in PKI today is unnecessary. I timed myself
installing S/MIME certs in various email clients and it took between
fifteen and thirty minutes. And I know what I am doing (unlike the typical
user).

Easy to follow instructions invariably turn out not to be for a large
number of reasons. Not least the instructions are usually out of date. So
while they might be simple they are also WRONG.

Lab testing is useful but it can also be a cop out. The behavior of a paid
test subject in a fifteen minute test rarely reflects that of a real user's
daily use. It is very informative for sales though.


I have been working on fixing this for S/MIME and I have written a program
that will configure Windows Live Mail to use S/MIME with no user input at
all. This is very similar to the planned user experience for Lets Encrypt
but it would be good if we could get the objectives down and generalize
them.


1) User interaction is only permitted for the purposes of
1a) Obtaining information that only the user can provide
1b) Providing information to the user

2) All information necessary for the user to make a decision will be made
available.

3) Adding security should require no additional user effort.


The first one is the key. The user should never have needed to do anything
more than say what their CA is and provide any necessary validation data.