Leichter, Jerry wrote: > I think the whole notion of decentralizing *everything* has turned out > to be a trap. Yes, it makes for great cryptography and system design to > find ways to do without a trusted third party. But the resulting > systems just don't fit the way people think and work. Trust has > *always* been based on personal contact
In human interactions trust is not based upon a centralized "authority" either. So having a decentralized, inter-human solution such as PKI is actually a lot closer to the natural ways of things, than the SSL CA-based infrastructure. The human touch is somewhat missing though and that's an implementation issue. For example, one of the heavily underused features of GPG is the picture ID. It'd make a lot more sense for non-geeks to see a picture of their friend "message verified to come from [pic here]" than the more obscure "Good signature from John Doe" which needs to be interpreted. Likewise the mentioned use of colors, which would aid in intuitive understanding of the authenticity and security of a message (or lack thereof). Silvio --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
