PGP should be viewed primarily as an authentication tool.
Once you change your viewpoint you will recognize imposters as the
real problem. In this, as in so many cases of problem solving,
real progress only begins when the real problem is recognized.

There's no getting around the authentication problem. No easy
way out. You have to authenticate the identification of those
you do business with, and where that business is done digitally you
have to use a public key encryption system.

Just typing your Date of Birth into a "smart" terminal isn't
sufficient to verify your ID -- or anyone else for that matter.
These symmetric keys -- are all compromised and for sale on the
Dark Market.

On 09/29/2015 11:24 PM, Daniel Kahn Gillmor wrote:

On Sat 2015-09-19 19:17:35 -0700, Phil Stracchino wrote:

It doesn't matter how easy-to-use you can make a waffle iron, you're
never going to sell one to somebody who doesn't want a waffle iron. The
principal reason not everybody owns a boat is because not everybody
wants a boat. Some people don't have pets simply because they don't
want to have pets. I don't own a fishing rod, because I'm not
interested in fishing.

Likewise, you cannot make somebody who doesn't care about encryption and
isn't interested in it use an encryption tool by making it easier to
use. Someone who isn't interested in encryption isn't going to use any
encryption tool until and unless you can first convince them of why they
*should* use it.

I disagree with this general line of reasoning. It's certainly possible
to get someone to use an encryption tool without convincing them that
they want encryption. For example, I suspect a large fraction of users
of web browsers have no idea that they're using an encryption tool. We
can discuss the validity and flaws of TLS/HTTPS and the common UI/UX
elements used to represent it in the browser (though probably not here,
unless we're doing it as a comparison or for consideration of UI/UX
improvements for enigmail more generally), but the fact is that most
people use encryption tools because they want to communicate, and
because our infrastructure makes communicating in an encrypted form
effective and easy.

I also disagree with the general idea Robert put forward that "we" (who
is "we" here again?) do not evangelize. Some of us on this list
recognize that there is something like a privacy ecosystem, and that the
surveillance problem is at least as much an ecological problem as it is
an individual-actor problem. If the overwhelming majority of message
content can be mined by third parties, everyone's privacy is in bad
shape. And the more people who use a system, the better it becomes
(through user feedback and contributions), and the more normal it is to
use it.

There are serious challenges in making an encryption tool that is easy
for non-experts to use and simultaneously strong enough to defend
against targeted, powerful attackers. But that doesn't mean we should
limit ourselves to picking just one of these goals. Enigmail is one of
the projects trying to do that hard work, and we're better off as a
community for the effort invested here.

--dkg
_______________________________________________
enigmail-users mailing list
[email protected]
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
--
/Mike