Ian Grigg wrote:
If users find that dealing with mozilla products is difficult, they are far more likely to either not deal with the product, or not set it up to use keys at all. Hence, they have lost any security benefit, and only the very few who go through the trouble and jump through all the security hoops to use the more difficult tools will enjoy any protection.
But this is a double edge sword, the easier you make security the less likely good security will be used defeating potentially all benefit in having it in the first place.
Duane, this is simply not the case. People use security, but only when it doesn't interfere. Marketing studies and our own experience have consistently shown that people will choose convenience over security every time. So much so that almost all pure security companies go broke eventually. (If you look at the examples that succeeded in pure crypto, they are not security companies, but sellers of franchises.)
Making available a product has little bearing on whether people will use it. Only whether it does good stuff for people will people use it - and when it comes to security, that is almost always defined as "does what I want to do anyway with insecure tools but without interfering."
The SSL security model got *that* part right with the notion of the browser accepting anything signed by a pre-ordained list of root certs. Unfortunately, that model doesn't always translate outside browsing (and has unfortunate implications within browsing as well).
When it comes to email, it's impossible to get people to engage in that horribly messy certificate business. It's hard enough getting merchants to do it, which is why the cert franchise had to be limited to credit card protection only.
So you end up with a perfectly secure system - S/MIME and so forth - that simply isn't being used. How can you call that "delivering security?" Call it a piece of art, sure. But a system that delivers strong security to the users of products like Thunderbird? No way.
Kirckhoffs' 6th principle is "it is necessary, given the circumstances that command its application, that the system be easy to use, requiring neither mental strain nor the knowledge of a long series of rules to observe." Kirckhoffs was studying soldiers, who in respect of communications are quite similar to Internet users: they have a job to do and if the communications security system slows that job down, they bypass it in an instant.
http://www.financialcryptography.com/mt/archives/000195.html
Just like email users.
> Good security isn't about making things as
easy as possible, this merely has the effect of making people complacent,
Duane, you are assuming that you can make people "be good" about security. No such pertains - people *are* by definition complacent about security. The challenge is to give them security that works *even* when they are complacent.
> what's most needed is good documentation on why things are
done the way they are done, good flow in the user interface so as to reduce confusion. Make education easier, not necessarily the technical side of security or you make it almost as useless as not having it.
No amount of documentation is going to help, only the dedicated read documentation. Yes, a good flow is important, but the challenge is to have an equivalent experience to what they already use.
Later on, those that really need the security will find out and spread knowledge amongst themselves about the weaknesses and how to improve things. But they only get the opporunity if they've been tricked into using the security infrastructure in the first place, generally by its transparency.
This was more a comment in general.
Sure!
As for openssl private keys, my understanding was you could still have the key encrypted with rsa encryption, but yet stored in 7bit ascii instead of binary.
Apparently this is the case - but because it is possible to deliver them unencrypted, the PEM format is deemed "not acceptable". If PEM format is used frequently, or is generated by a popular tool, this is generally going to lower security by reducing opportunities far more than it will ever increase security by avoiding attacks.
You only get security if the system is used.
iang _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
