[19208] in cryptography@c2.net mail archive
Re: X.509 / PKI, PGP, and IBE Secure Email Technologies
daemon@ATHENA.MIT.EDU (James A. Donald)
Mon Dec 12 10:18:35 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography@metzdowd.com
Date: Sun, 11 Dec 2005 10:19:21 -0800
In-reply-to: <439A1D0E.1050300@nma.com>
--
From: Ed Gerck <edgerck@nma.com>
> As new capabilities conflict with the old, the end
> result of this approach seems to ne a lot of patched
> in complexity and vulnerabilities.
>
> It seems better to start with a performance
> specification for the full system. The code can follow
> the specs as close as possible for each version, the
> specs can change too, but at least the grand picture
> should exist beforehand.
Usability is the key part of perfomance.
Amazon is sending out unsigned emails. Seems to me this
is in part because they find it hard to sign anything,
in part because if they did sign something I doubt it
would do the end user much good, since the end user is
already suffering from name overload, and is unlikely to
appreciate the difference between a signature belonging
to amazon.com, amazon.co.uk, and amazon.jim.com
We really need to start from the user, and look for ways
in which the user's mental model of security can be used
to defeat realistic threats.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
b5RoNWK+PD+pn6rk1lBkzIqv8T4ntwUO6CxDoPtA
48yzird9uDuNNK+xU0XcZisSug3K2XHzHu0MXgwqB
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
