Steven M. Bellovin wrote:
Certainly, usability is an issue. It hasn't been solved because there's no market for it here; far too few people care about email encryption.
Usability is the issue. If I look over onto my Skype window, it says there are 5 million or so users right now. It did that without any of the hullabaloo of the other systems, and still manages to encrypt my comms. By some measures it is the most successful crypto system ever.

Over on Ping's site there is this little essay about something or other:

http://usablesecurity.com/2006/02/08/how-to-prevent-phishing/

Which starts out:

"So, right up front, here is the key property of this proposal: _using it is more convenient than not using it_."

Which relates back to Kerckhoffs' 6th principle.

To add to that: To get people to do something they will say "no" to, we have to give them a freebie, and tie it to the unpleasantry. E.g., in SSH, we get a better telnet, and there is only the encrypted version. In Skype we get a cheaper phone call, and there is only the encrypted version.

The problem with PGP is that there is no loss leader in it, and it is possible to turn it off. Same with SSL. So that's what people do - they say no.

iang

---------------------------------------------------------------------
The Cryptography Mailing List