[20072] in cryptography@c2.net mail archive
Re: NPR : E-Mail Encryption Rare in Everyday Use
daemon@ATHENA.MIT.EDU (Ed Gerck)
Fri Feb 24 09:58:15 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Fri, 24 Feb 2006 06:49:03 -0800
From: Ed Gerck <edgerck@nma.com>
To: Ben Laurie <ben@algroup.co.uk>
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, cryptography@metzdowd.com
In-Reply-To: <43FF0DAE.7070806@algroup.co.uk>
Ben Laurie wrote:
> Ed Gerck wrote:
>> Paul,
>>
>> Usability should by now be recognized as the key issue for security -
>> namely, if users can't use it, it doesn't actually work.
>>
>> And what I heard in the story is that even savvy users such as Phil Z
>> (who'd have no problem with key management) don't use it often.
>>
>> BTW, just to show that usability is king, could you please send me an
>> encrypted email -- I even let you choose any secure method that you want.
>
> Sure I can, but if you want it to be encrypted to you, then you need to
> publish a key.
This IS one of the sticky points ;-) If postal mail would work this way,
you'd have to ask me to send you an envelope before you can send me mail.
This is counter-intuitive to users.
Your next questions could well be how do you know my key is really mine...
how do you know it was not revoked ...all of which are additional sticky points.
In the postal mail world, how'd you know the envelope is really from me or
that it is secure?
Cheers,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
