On Tue, Aug 19, 2014 at 3:27 AM, Trevor Perrin <[email protected]> wrote:
> There may still be reasons to prefer a centralized system, or to use > it in conjunction with other options. But I think that needs to be > justified on better grounds than "it worked for the web" It's easy to argue that the X.509 PKI used by the web has failed. However, it has provided users with a relatively seamless system that provides a barrier-to-entry for attacks. I'd place the emphasis on the former: by being mostly seamless, your average non-technical user has been able to partake of the security benefits in the common case, even if there are many known attacks that can be targeted at specific users. I would argue that a usable secure messaging system needs to seek a similar level of seamless UX. Good security is like air: the only time you should have to worry about it is when it's missing. -- Tony Arcieri
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
