Paul,
Usability should by now be recognized as the key issue for security -
namely, if users can't use it, it doesn't actually work.
And what I heard in the story is that even savvy users such as Phil Z
(who'd have no problem with key management) don't use it often.
BTW, just to show that usabi
At 4:31 PM -0800 2/23/06, Ed Gerck wrote:
Usability should by now be recognized as the key issue for security -
Fully agree.
namely, if users can't use it, it doesn't actually work.
We disagree on the meaning of the phrase "actually work".
And what I heard in the story is that even savvy
Ed Gerck wrote:
> Paul,
>
> Usability should by now be recognized as the key issue for security -
> namely, if users can't use it, it doesn't actually work.
>
> And what I heard in the story is that even savvy users such as Phil Z
> (who'd have no problem with key management) don't use it often.
Hi,
> >And what I heard in the story is that even savvy users such as Phil Z
> >(who'd have no problem with key management) don't use it often.
> Phil *does* have a problem with key management. He knows how to do
> it, but his communications partners are not as good as he is.
Phil Z doesn´t know
Ben Laurie wrote:
Ed Gerck wrote:
Paul,
Usability should by now be recognized as the key issue for security -
namely, if users can't use it, it doesn't actually work.
And what I heard in the story is that even savvy users such as Phil Z
(who'd have no problem with key management) don't use it
Ed Gerck wrote:
> Ben Laurie wrote:
>> Ed Gerck wrote:
>>> Paul,
>>>
>>> Usability should by now be recognized as the key issue for security -
>>> namely, if users can't use it, it doesn't actually work.
>>>
>>> And what I heard in the story is that even savvy users such as Phil Z
>>> (who'd have n
> I wonder now, why he didn´t tried to solve that usability/scalability problem
> himself yet, but gave up instead.
Because it simply didn't cause too much pain to have
things changed. It's the same with those jolly ol'
PGP keyservers. They really, really are a mess but
they are more or less work
In message <[EMAIL PROTECTED]>, Ed Gerck writes:
>This IS one of the sticky points ;-) If postal mail would work this way,
>you'd have to ask me to send you an envelope before you can send me mail.
>This is counter-intuitive to users.
I assumed that that was your point, which is why I figured you
> >> Usability should by now be recognized as the key issue for security -
> >> namely, if users can't use it, it doesn't actually work.
% man gpg | wc -l
1705
% man gpg | grep dry
-n, --dry-run Don't make any changes (this is not completely implemented).
I rest my case.
--dan
Ben Laurie wrote:
Ed Gerck wrote:
This IS one of the sticky points ;-) If postal mail would work this way,
you'd have to ask me to send you an envelope before you can send me mail.
This is counter-intuitive to users.
We have keyservers for this (my chosen technology was PGP). If you liken
thei
Ed Gerck wrote:
> Ben Laurie wrote:
>> Ed Gerck wrote:
>>> This IS one of the sticky points ;-) If postal mail would work this way,
>>> you'd have to ask me to send you an envelope before you can send me
>>> mail.
>>> This is counter-intuitive to users.
>>
>> We have keyservers for this (my chosen
At 3:29 PM +0100 2/24/06, Philipp Gühring wrote:
> Phil *does* have a problem with key management. He knows how to do
it, but his communications partners are not as good as he is.
Phil Z doesn´t know how to do it himself, at least with PGP.
He told me that he doesn´t sign people´s keys who a
On Fri, Feb 24, 2006 at 01:44:14PM +, Ben Laurie wrote:
> Ed Gerck wrote:
> > Paul,
> >
> > Usability should by now be recognized as the key issue for security -
> > namely, if users can't use it, it doesn't actually work.
> >
> > And what I heard in the story is that even savvy users such a
On 2/23/06, Ed Gerck <[EMAIL PROTECTED]> wrote:
> Usability should by now be recognized as the key issue for security -
> namely, if users can't use it, it doesn't actually work.
There was an informative study on the usability of PGP, here if you
haven't seen it:
http://www.gaudior.net/alma/johnny
On Fri, Feb 24, 2006 at 08:30:16AM -0800, Paul Hoffman wrote:
> >So PGP obviously has a usability and scalability problem.
>
> Fully agree, and I would certainly extend that to S/MIME as well.
>
One of the issues with S/MIME is that most mail clients have no useful
support for self-signed keys.
Steven M. Bellovin wrote:
Certainly, usability is an issue. It hasn't been solved because
there's no market for it here; far too few people care about email
encryption.
Usability is the issue. If I look over onto
my skype window, it says there are 5 million
or so users right now. It did th
Ben Laurie wrote:
I don't use PGP - for email encryption I use enigmail, and getting
missing keys is as hard as pressing the "get missing keys" button.
Missing keys that do not exist or do not work (user forgot passphrase or
revoked) are still missing keys, no? Considering how few users use PGP
Paul Hoffman wrote:
This is my original disagreement with Ed's message. It can be done, and
when you do it it works, but it is too difficult for most people to
bother with. I think we all agree on those three facts, just not on what
to label the last one.
Actually, when I wrote "it does not a
Ian G wrote:
> To get people to do something they will say "no"
> to, we have to give them a freebie, and tie it
> to the unpleasantry. E.g., in SSH, we get a better
> telnet, and there is only the encrypted version.
We could just as well say that "encryption of remote server sessions is
rare in
19 matches
Mail list logo