On Tue, Jul 12, 2011 at 11:10 AM, Hill, Brad <[email protected]> wrote: > > I have found that when H3 meets deployment and use, the reality too often > becomes: "Something's gotta give." We haven't yet found a way to hide enough > of the complexity of security to make it free, and this inevitably causes > conflicts with goals like adoption.
This is an excellent objection. I think this shows that most crypto systems have bad usability in their key management (SSL, PGP). People don't use such systems if they can help it, and when they do they often use them wrong. When systems come with good usability properties in the key management (SSH, and I modestly suggest ZRTP and Tahoe-LAFS) then we don't see this pattern. People are willing to use secure tools that have a good usable interface. Compare HTTPS-vs-HTTP to SSH-vs-telnet (this observation is also due to Ian Grigg). Regards, Zooko _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
