[122530] in cryptography@c2.net mail archive

Re: User interface, security, and "simplicity"

daemon@ATHENA.MIT.EDU (Ed Gerck)
Mon May 5 19:51:31 2008

Date: Sun, 04 May 2008 18:24:00 -0700
From: Ed Gerck <edgerck@nma.com>
To: cryptography@metzdowd.com
In-Reply-To: <481E1C70.4020004@systemics.com>

Ian G wrote: (on Kerckhoffs's rules)
> =====================
> 6. Finally, it is necessary, given the circumstances that command its 
> application, that the system be easy to use, requiring neither mental 
> strain nor the knowledge of a long series of rules to observe.
> =====================
> ...
> PS:  Although his 6th is arguably the most important

Yes. Usability should be the #1 property of a secure system.

Conventional security thinking says that usability and security are 
like a seesaw; if usability goes up, security must go down, and 
vice-versa. This apparent antinomy actually works as a synergy: with 
more usability in a secure system, security increases. With less 
usability in a secure system, security decreases. A secure system that 
is not usable will be left aside by users.

Cheers,
Ed Gerck

---------------------------------------------------------------------
The Cryptography Mailing List