On Aug 28, 2013, at 2:04 PM, Faré wrote:
>> My target audience, like Perry's is people who simply can't cope with
>> anything more complex than an email address. For me secure mail has to look
>> feel and smell exactly the same as current mail. The only difference being
>> that sometime the secure mailer will say 'I can't contact that person
>> securely right now because…'
>>
> I agree with Perry and Phill that email experience should be
> essentially undisturbed in the normal case, though it's OK to add an
> additional authorization step.
>
> One thing that irks me, though, is the problem of the robust, secure
> terminal: if everything is encrypted, how does one survive the
> loss/theft/destruction of a computer or harddrive? I'm no ignoramus,
> yet I have, several times, lost data I cared about due to hardware
> failure or theft combined with improper backup. How is a total newbie
> to do?
This is a broader problem, actually. If you've ever had to take care of
someone's estate, you'll know that one of the problems is contacting all the
banks, other financial institutions, service providers, and other such parties
they dealt with in life. My experience dealing with my father's estate - a
fairly simple one - was that having the *paper* statements was the essential
starting point. (Even so, finding his safe deposit box - I had the unlabeled
keys - could have been a real pain if my sister didn't remember which bank it
was at.) Had he been getting email statements, just finding his mail accounts
- and getting access to them - could have been a major undertaking. Which is
one reason I refuse to sign up for email statements ... just send me the paper,
thank you. (This is getting harder all the time. I expect to start getting
charged for paper statements any time now.)
Today at least, my executor, in principle, work with the mail provider to get
access. But for truly secure mail, my keys presumably die with me, and it's
all gone.
You don't even have to consider the ultimate loss situation. If I'm
temporarily disabled and can't provide my keys - how can someone take care of
my bills for me?
We can't design a system that can handle every variation and eventuality, but
if we're going to design one that we intend to be broadly used, we have to
include a way to handle the perfectly predictable, if unpleasant to think
about, aspects of day to day life. Absolute security *creates* new problems as
it solves old ones. There may well be aspects to my life I *don't* want
revealed after I'm gone. But there are many things I *do* want to be easily
revealed; my heirs will have enough to do to clean up after me and move on as
it is.
So, yes, we have to make sure we have backup mechanisms - as well as key escrow
systems, much as the term "key escrow" was tainted by the Clipper experience.
-- Jerry
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
