Everybody take a deep breath. If we start treating this as black-and-white 
extremes, it is unlikely that most users will get the best security and 

Few if any of us active in this thread are HCI experts. Few of us have anything 
more than small amounts of anecdotal evidence. Many of us strongly-held 
religions about what users should want for the security we offer them.

It is quite clear that almost anything that is wanted along the spectrum of 
easy-and-insecure to cumbersome-and-very-secure is implementable in NSS and in 
software that uses NSS. It also is likely that NSS could embody many points 
along that spectrum and let the software decide; it would be our responsibility 
to choose those points wisely and to document them very well. My personal 
religion would have more points on the cumbersome-and-very-secure side, FWIW, 
but I know that there is a whole lot that I don't know.

This discussion is an important one, but it is one that should involve way more 
than just us. In fact, maybe we should be only minor players in the discussion, 
better adept at implementing what others want than to try to lead them to the 
best solution for the users. I don't see the expertise here for any of us to be 
stating the One True Solution.

--Paul Hoffman
dev-tech-crypto mailing list

Reply via email to