Terri Oda writes: > Basically, don't just read "Why Johnny Can't Encrypt" [1] and assume the > problem of encrypted is dead and never will be solved.
But you might want also to read JWZ's blog on Signal[2] *and all the comments* to see why threat models matter, and how subtle it can be. (If you're not going to read a large fraction of the comments, don't bother, nothing to see here.) It's the disagreement among smart, well-intentioned -- if a bit mouthy in JWZ's case ;-) -- people that's of interest here. AFAICT, in the whole thread there are no two individuals who agree on what threat model this particular encrypted messaging system should try to address! [1] https://www.usenix.org/conference/8th-usenix-security-symposium/why-johnny-cant-encrypt-usability-evaluation-pgp-50 [2] https://www.jwz.org/blog/2017/03/signal-leaks-your-phone-number-to-everyone-in-your-contacts/ _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
