[Cryptography] Explaining PK to grandma

Guido Witmond guido at witmond.nl
Tue Nov 26 04:42:20 EST 2013


On 11/25/13 13:29, Ralf Senderek wrote:

> At that point granny will be crying out for something simpler, and we
> have to tell her that we cannot make it simpler.

We have to take cryptography out of the brain-loop of Granny.

The common requirement for people:

1  Don’t think, just click.
2  Someone else must protect me.
3  For free.

On 1: Users don’t want to be bothered with anything that stands in the
way of what they want to do. It won’t work.

On 2: Users assume that their computer keeps them safe from all harm. Or
their virus scanner. Or their ISP, or faceboogle, or their government.
But at the same time, these appointed chaperones must respect the
privacy of their entrusted appointees.

On 3: Of course, users don’t want to pay for anything.

One might call it unfair of these users; however, I don’t blame them.
It’s what has been promised time after time, albeit never delivered.
It’s time we are going to deliver that: /No-Brain Security and Privacy./


Notice the first point in 'On 2', they expect their computer to protect
them. Besides, they have already paid heavily for their new computer.

Here is my take on how to make it:

1  User learns about a site, perhaps via a search engine;
2  User browses site, reads a bit on it; decides to sign up;
3  User directs the agent to request a client certificate with a
   user-chosen nickname (a different nickname for each site); it sounds
   complicated but is just a single click;
4  Site signs the certificate. The certificate bears the chosen
   nickname and the sitename.

The trust decision happens in step 2. It’s a typical users’ decision: “I
like it, and want to sign up.”

The system has to keep the user secure, protect their privacy, fight
against phishers, malware, MitM, BGP-rerouting.

Now let's build it.

Regards, Guido.

<plug> Or just use mine:
http://eccentric-authentication.org/blog/2013/11/24/end-user-trust-model.html
</plug>
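
Steps 3 and 4 of the sign-up flow above, sketched with the openssl command line. This is an added example, not code from the post or from the eccentric-authentication project; the site names, nicknames, file layout and RSA-2048 keys are assumptions.

```shell
#!/bin/sh
# Added example. Site names, nicknames and file layout are constructed.

# Site: create its signing key and self-signed CA certificate.
# Assumes the default openssl.cnf, whose v3_ca section sets CA:TRUE.
site_ca_init() {     # $1 = site dir, $2 = sitename
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=$2/CN=$2 account CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Agent, step 3: a fresh key pair for this site only; the request carries
# the nickname (CN) and the sitename (O). The private key stays with the agent.
agent_request() {    # $1 = agent dir, $2 = nickname, $3 = sitename
    mkdir -p "$1" &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/O=$3/CN=$2" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null
}

# Site, step 4: sign the request. A real site would first check the
# requested name (for example, that the nickname is unused); not shown.
site_sign() {        # $1 = site dir, $2 = agent dir
    openssl x509 -req -in "$2/client.csr" -days 30 \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$2/client.pem" 2>/dev/null
}

# Does this client certificate chain to this site's CA?
cert_accepted_by() { # $1 = site dir, $2 = agent dir
    openssl verify -CAfile "$1/ca.pem" "$2/client.pem" >/dev/null 2>&1
}
cert_subject() { openssl x509 -in "$1/client.pem" -noout -subject -nameopt RFC2253; }
cert_pubkey()  { openssl x509 -in "$1/client.pem" -noout -pubkey; }

# Sign up at one constructed site and print the resulting subject.
demo() {
    d=$(mktemp -d) || return 1
    site_ca_init "$d/shop" shop.example &&
    agent_request "$d/agent" granny42 shop.example &&
    site_sign "$d/shop" "$d/agent" && cert_subject "$d/agent"
}
[ "${1:-}" = demo ] && demo
```

Because each sign-up uses its own key pair and nickname, a certificate issued by one site does not verify at another and shares no key material with it.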
