<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Nov 28, 2013 at 7:30 AM, Jerry Leichter <span dir="ltr"><<a href="mailto:leichter@lrw.com" target="_blank">leichter@lrw.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div style="word-wrap:break-word"><div><div><div>On Nov 27, 2013, at 4:39 PM, Phillip Hallam-Baker wrote:</div>
<blockquote type="cite"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">*But*, there is one thing that may need, no so much "explanation" in the sense of conveying a deep understanding, as "training". Somehow, a user of secure email has to know how to get a key for themselves; how to move that key to different machines;</blockquote>
</blockquote><div><br></div><div>No!</div><div> </div><div>All the user needs to know is how to configure their email on a different machine. If it takes more than giving the machine the address of the account and authorizing the new machine to connect to it then it has failed.</div>
</div></div></div></blockquote></div>I'm not sure what you are saying here. "Authorizing the new machine" is just "how to move the key to a different machine" in different words. </div></div></blockquote>
<div><br></div><div>The difference is that the machine might not have the key ever, merely the ability to decrypt.</div><div><br></div><div>I got beaten up by MEZ for saying similar stuff about padlocks and green bars when we did the UI work in the W3C, it really does make a difference. We have to think in terms of user objectives, not mechanism.</div>
<div><br></div><div><br></div><div>For example, I have an iPhone, how much can I trust it? Well only to a degree because I could easily lose it or it could get taken off me at an airport by the type of government that does this.</div>
<div><br></div><div><a href="http://upload.wikimedia.org/wikipedia/commons/4/4b/AbuGhraibAbuse-standing-on-box.jpg">http://upload.wikimedia.org/wikipedia/commons/4/4b/AbuGhraibAbuse-standing-on-box.jpg</a><br></div><div><br>
</div><div><br></div><div>So maybe it is better to not put the decryption key on the end point device at all. Maybe it is safer in the cloud. Or maybe we use some sort of key splitting scheme.</div><div><br></div><div>Going straight to a mechanism forecloses options that might turn out to be simpler.</div>
<div><br></div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div style="word-wrap:break-word">
<div>OK, it says it even more broadly than I did, but you can't get *too* broad without losing important distinctions. The person undertaking the actions has to understand that some actions make the encrypted text visible, so are not to be undertaken lightly. If you really use the words "authorizing the machine", you're putting the emphasis in the wrong place: The machine. Who cares about the machine? What matters is what *people* you've implicitly authorized through this action. Handing your car keys to someone isn't about the keys - it's about who can drive away in your car.</div>
</div></blockquote><div><br></div><div>I can walk instead of ride in a car but I can't do RSA at more than 512 bits in my head and I am not sure if I can do 512 any more.</div><div><br></div><div>So there is going to be a machine involved or machines even but Alice is not a machine. The trust end points are people and organizations but the technical implementation is machines.</div>
<div><br></div><div> </div></div><br clear="all"><div><br></div>-- <br>
Website: <a href="http://hallambaker.com/" target="_blank">http://hallambaker.com/</a><br>
</div></div>