On 13/07/11 8:36 AM, Andy Steingruebl wrote:
On Tue, Jul 12, 2011 at 2:24 PM, Zooko O'Whielacronx<[email protected]> wrote:
When systems come with good usability properties in the key management
(SSH, and I modestly suggest ZRTP and Tahoe-LAFS) then we don't see
this pattern. People are willing to use secure tools that have a good
usable interface. Compare HTTPS-vs-HTTP to SSH-vs-telnet (this
observation is also due to Ian Grigg).
I reject the SSH key management example though.
The SSH-vs-telnet example was back in the mid-90s where there were two
alternatives: secure telnet and this new-fangled thing called SSH.
What's instructive is this: secure telnet told the user to do
everything correctly, and was too much trouble. SSH on the other hand
got up and going with as little trouble as it could think of at the
time. Basically it used the TOFU model, and that worked.
The outstanding factoid is that SSH so whipped the secure telnet product
that these days it's written out of history.
(Granted, SSH wasn't really thinking about the large scale admin issues
that came later.)
iang
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
