You might enjoy this paper written by a non-cryptographer: https://www.usenix.org/system/files/1401_08-12_mickens.pdf
In his words, "people feel genuine anxiety when asked if they want large fries for just 50 cents more."

Some of my other favorite quotes:

"'Chains of Attestation' is a great name for a heavy metal band, but it is less practical in the real, non-Ozzy-Ozbourne-based world..."

"PGP enthusiasts are like your friend with the ethno-literature degree whose multi-paragraph email signature has fourteen Buddhist quotes about wisdom and mankind’s relationship to trees. It’s like, I GET IT. You care deeply about the things that you care about. Please leave me alone so that I can ponder the inevitability of death."

- moxie

On 03/11/2014 03:33 AM, Tony Arcieri wrote:
> I feel like solutions that rely on manual verification of key
> fingerprints fall into this category:
>
> http://i.imgur.com/2bEWKNS.png
>
> I don't think these solutions are providing effective security. I feel
> we need to start from the real needs of real users, and work backwards.
>
> One can propose a study for optimum time-based fingerprint verification
> and study fingerprint accuracy, but are fingerprints even a good idea? I
> feel that's where you need to start with any sort of usability study.
>
> Cryptocat's usability studies are addressing this problem. Short
> Authentication Strings are addressing this problem. Solutions for
> optimal fingerprint comparison accuracy, IMO, are ignoring the problem,
> and studying the wrong solution.
>
> Thoughts?
>
> --
> Tony Arcieri
>
> _______________________________________________
> Messaging mailing list
> [email protected]
> https://moderncrypto.org/mailman/listinfo/messaging
>

--
http://www.thoughtcrime.org
