X.509 / PKI, PGP, and IBE Secure Email Technologies

Matthew Byng-Maddick cryptography at lists.colondot.net
Fri Dec 9 05:08:46 EST 2005 

On Thu, Dec 08, 2005 at 09:40:22AM -0800, Aram Perez wrote:
> On Dec 7, 2005, at 10:24 PM, James A. Donald wrote:
>> Aram Perez
>>> James A. Donald:
>>>> We can, and should, compare any system with the
>>>> attacks that are made upon it.   As a boat should
>>>> resist every probable storm, and if it does not it
>>>> is a bad boat, an encryption system should resist
>>>> every real threat, and if it does not it is a bad
>>>> encryption system.
>>> I'm sorry James, but you can't expect a (several
>>> hundred dollar) rowboat to resist the same probable
>>> storm as a (million dollar) yacht.
>> Software is cheaper than boats - the poorest man can
>> afford the strongest encryption, but he cannot afford
>> the strongest boat.
> If it is that cheap, then why are we having this discussion? Why  
> isn't there a cheap security solution that even my mother can use?

Can your mother sail a boat? Worth noting that more expensive doesn't
necessarily make the boat easier to sail (in fact there are more things
to tune, in general), and at the point that you're getting a million
pound yacht, you'll probably be hiring someone very qualified to skipper
it for you... Is that a useful comparison then to security software? I
would expect a competent sailor to be able to weather some storms in a
rowboat, where, your mother (to use the example above) would fail. If
we carry the discussion to its logical conclusion: I'd therefore expect
someone who understands about security to be able to use available
security software with a reasonable ability to keep their data safe.

Useability and cost are not necessarily related. This discussion
is conflating both things. In the security software case, the
useability is not there yet at all, the cost is generally fine.

The question you want to be asking is "what can be done to make the
available software useable safely by my mother?"

Cheers

MBM

-- 
Matthew Byng-Maddick          <mbm at colondot.net>           http://colondot.net/
                      (Please use this address to reply)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list