-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 08/28/2012 08:01 PM, MFPA wrote: > Hi > > > On Saturday 25 August 2012 at 2:59:57 AM, in > <mid:[email protected]>, Faramir wrote: > > >> IMHO, the main trouble probably is people don't feel >> the need to protect their privacy. > > So why do they use envelopes rather than postcards, and keep secret > the PIN for their cashpoint cards? > > > > > _______________________________________________ > Gnupg-users mailing list > [email protected] > http://lists.gnupg.org/mailman/listinfo/gnupg-users >
In that case, perception of threat and more importantly loss of tangible goods keeps PIN secure. Obviously that works for envelopes as well, but honestly I think economics probably holds even more strongly. It's cheaper to buy a ton of envelopes than an equal number of postcards. A minor point of erratum as well, but I don't think "killing PKI" is the correct terminology for what we're really talking about. Something generally has to be alive before you can kill it, and PKI really hasn't been widely enough adopted that I would call it "alive" per say. It could be my perception of it, but going mainstream, ( and I mean normal people using it by choice, or better, by default) and then something causing it to recede would be more in line with killing. While we're kicking around pet theories though, I still think web mail has to be a significant barrier. The ratio of people who use a browser rather than a local mua at my uni are something like 4:1. If you get people culturally used to using PKI though, they will, which in this context would mean get them used to it in college. Just like the Microsoft student pricing, the idea should be indoctrinate at a relatively young age, so that they come to expect it later. Alice logs in to webmail, which makes her feel secure, and as far as she can tell Bob logs into his, and nobody can open it up otherwise. There's no perception of threat, probably because very few lay people understand 1. How easy it is to intercept email and 2. How insecurely email is stored. <soapbox>In the day and age when not having a Facebook account gets you strange looks and mutters behind your back, unless you force this upon people, it's not going to stick<jumps off>. Short of a massive government surveillance controversy with jackbooted thugs roving the country, nothing (for loose definitions of nothing) is going to convince people to voluntarily seek PKI, because they don't see a threat. Even in that situation, a good ~30% of the population can be counted on to come back to the 'should have nothing to hide' argument. The barrier is solely cultural, not technical. Enigmail, Thunderbird and gpg4win are trivial to set up. The first time I did it, it was on the phone, talking someone through it. So we either need to invent some sort of massive threat perception to unite everyone to adopt PKI, or just continue to push it as a grass roots movement. Or if some kind person would like to introduce a viable third option, I think a decent portion of humanity would owe him/her a debt. On the other hand, I'm advocating a rather heavy handed, Platonian, do it for people's own good even if they don't like it/decide they need it, so I'm sure at least some, or even most, will disagree as well. I will add my confession to the pile of selfish reasons to want to have PKI become widespread. landon - -- Violence is the last refuge of the incompetent. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBCgAGBQJQPZPWAAoJEDeph/0fVJWsQJsP/j6OEBThF2mhV4jUmmumtZ61 l9wZXuPmX8auE6U8hTwzTpUz6Hc0XXoyq9X0aeDdN0AWMRkykWDBGGqIFRANnLuJ vzbVB2uheD+rqSLJosDIVykN5LxWq5EazezER25KcHYkLzMVrbPZSDzKYUTtfBi8 3ovDJ/DtMEUQEtMcm4e5V3cFEAyMVQlote7Xb3e1CqZGJ59JJV2BxAm/bPYQnD8e YdlqH7MDAq1xTKG+e8x/tcM/Bc+f5OqTRC7USvrPrnjrvMZ9nYtZytaSvhdzstFN 48E4hMhO4OIem8kuHxpDGXkcrRRcwDv5JCb+BmRbaUJUdwzVkoIR/O1VCv1hh9uI oEnBJv5LwukvC+EB/hfBmixxYBWGCU0r3d0OOjqekqj819HXiOEAlVAQMhs2L7lc EDAvnaK6ZrRrSmjCq4/Ty+KXsPDb7C2EITSB4/j/cw2nL/GRr90ldHF8C5G24Ro9 E+Uua60pJhrspcmVgLoHAx96VkzedmP5icJz1le0gDfa002YTTtmyFhnNMruHUIQ 9xtc+flnWFi840eQLY3WAb1sSZ4jXYqq5D9xXNNqhOKBkhjmpVJGIYatvEYX1aZy h+Hy3+MStuvemvQ0kolQGk3+btzGY9MKga925kMtDNx6VchnK9qmvbxJJIwjL3uA XSqN8Fk9mmd2DY4YH8kG =fHUX -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
