[122669] in cryptography@c2.net mail archive
Re: User interface, security, and "simplicity"
daemon@ATHENA.MIT.EDU (Ian G)
Tue May 6 20:46:21 2008
Date: Tue, 06 May 2008 23:08:04 +0200
From: Ian G <iang@systemics.com>
To: David Wagner <daw-usenet@taverner.cs.berkeley.edu>
Cc: cryptography@metzdowd.com
In-Reply-To: <200805061840.m46Ier09001844@taverner.cs.berkeley.edu>
David Wagner wrote:
...
> This struck me as poor design, not good design. Asking the user to
> make these kinds of choices seems like the kind of thing that only a
> cryptographer could consider sensible. In this day and age, software
> should not be asking users to choose ciphers. Rather, the software
> should just pick a sensible high-grade security level (e.g., AES-128,
> RSA-1024 or RSA-2048) and go with that, and avoid bothering the user.
> Why even offer "low" as an option? (And this "export" business sounds
> like a throwback to a decade ago; why is that still there?)
>
> Good crypto is cheap. Asking a user is expensive and risky.
>
>> So I think there should be a broad design bias towards *implicit* correct
>> behaviour in all system features, with rope available for advanced users
>> to *explicitly* craft more complex use-cases. Once you have that, practical
>> security is not too difficult.
>
> Amen. I know of quite a few software packages that could use more of
> that philosophy.
I think we are all coming around to the view that any
choices are practically messy and dangerous, no matter how
nice they look on paper.
The way I put it, there is only one mode, and it is secure.
From there on, it only gets better. Obligatory rant:
http://iang.org/ssl/h3_there_is_only_one_mode_and_it_is_secure.html
iang
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
