On 1/16/2017 10:15 AM, Razer wrote:
If you really need security a small learning curve is acceptable and
attainable.
No it is not. And proof is that it is not in fact attained.
Further a small learning curve is not needed. We can in fact have zero
clicks security - placing the burden on designers and developers, not users.
For example phishing could easily be abolished by making all passwords
zero knowledge password protocol under the hood and placing logins in
the chrome.
Well, not easily because we would have to rewrite existing standards and
redo much existing software, but easily for the end user, who would
scarcely notice that anything had changed.
Similarly, it is possible to ensure that the mapping between public keys
and IDs looks the same for everyone in the world, preventing MIM attacks
without burdening the user to manage his public keys himself.
