On 2/23/06, Ed Gerck <[EMAIL PROTECTED]> wrote:
> Usability should by now be recognized as the key issue for security -
> namely, if users can't use it, it doesn't actually work.

There was an informative study on the usability of PGP, here if you
haven't seen it:

I think the integration with mailers like the one I saw (either
outlook or evolution) and graphical key managers like kgpg are almost
sufficiently easy to use, especially if one merely fetches a key from
a keyserver or webpage and trusts it is correct.

To do it properly, one would have to find a chain of keys from oneself
to the recipient.  There were a few attempts to do this in an
automated fashion (e.g. pathserver), and I have been intending to
write one that can deal with the myriad of key types, but have not yet
found time to do so.  In many cases, such a path may not exist.

I think the real issue here is that the perceived threat is low enough
that it doesn't justify the effort required to learn the concepts and
tools.  I tried to host a key-signing party here, and many people just
couldn't see the utility in attending.  I tried to explain the
benefits, but ultimately they decide if the benefits are worth the
effort, and I am not inclined to force my evaluations of utility onto
them, were it even possible.  Personally, I guess I enjoy the
challenge of doing things securely.

There's a maxim somewhere that security has to be done invisibly in
order to be successful.  I'm not sure, many people still have to
present passwords to log in, but it could be argued that they are in
large part not fully effective, due to various reasons.  I suppose it
depends on how you define "successful".

> And what I heard in the story is that even savvy users such as Phil Z
> (who'd have no problem with key management) don't use it often.

A friend once PGP-emailed Garfinkel, who literally wrote the book on
PGP (O'Reilly), and he asked him to re-send it without encryption.

One time I PGP-emailed somebody well-known in the security world, and
they said it was the first time they received an unsolicited
PGP-encrypted email.

Someone else wrote:
> Sure I can, but if you want it to be encrypted to you, then you need to
> publish a key.

Interestingly, IBE (identity-based encryption) does not have this
requirement.  Email addresses are valid public keys.  Obviously you
must trust the server, which is presumably hosted at your corporation
or ISP.


I'm not sure how much it really buys you; you basically have delegated
key generation to the server.  Does it avoid the need to get a "path"
to the recipient or their server?
Security Guru for Hire http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to