Ed Gerck wrote:
> Ben Laurie wrote:
>> Ed Gerck wrote:
>>> Paul,
>>>
>>> Usability should by now be recognized as the key issue for security -
>>> namely, if users can't use it, it doesn't actually work.
>>>
>>> And what I heard in the story is that even savvy users such as Phil Z
>>> (who'd have no problem with key management) don't use it often.
>>>
>>> BTW, just to show that usability is king, could you please send me an
>>> encrypted email -- I even let you choose any secure method that you
>>> want.
>>
>> Sure I can, but if you want it to be encrypted to you, then you need to
>> publish a key.
>
> This IS one of the sticky points ;-) If postal mail would work this way,
> you'd have to ask me to send you an envelope before you can send me mail.
> This is counter-intuitive to users.

We have keyservers for this (my chosen technology was PGP). If you liken
their use to looking up an address in an address book, this isn't hard
for users to grasp.

> Your next questions could well be how do you know my key is really mine...
> how do you know it was not revoked ...all of which are additional sticky
> points.

For revocation, keyservers again. If I cared whether it was really yours
(I don't), then I'd check the signatures, or verify the fingerprint
out-of-band.

> In the postal mail world, how'd you know the envelope is really from me or
> that it is secure?

I don't.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html
http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
