NPR : E-Mail Encryption Rare in Everyday Use
Ian G
iang at systemics.com
Fri Feb 24 12:09:55 EST 2006
Steven M. Bellovin wrote:
> Certainly, usability is an issue. It hasn't been solved because
> there's no market for it here; far too few people care about email
> encryption.
Usability is the issue. If I look over onto
my skype window, it says there are 5 million
or so users right now. It did that without
any of the hullabaloo of the other systems,
and still manages to encrypt my comms. By
some measures it is the most successful crypto
system ever.
Over on Ping's site there is this little essay
about something or other:
http://usablesecurity.com/2006/02/08/how-to-prevent-phishing/
Which starts out:
"So, right up front, here is the key property of this proposal:
_using it is more convenient than not using it_. "
Which relates back to Kerchoffs' 6th principle.
To add to that:
To get people to do something they will say "no"
to, we have to give them a freebie, and tie it
to the unpleasantry. E.g., in SSH, we get a better
telnet, and there is only the encrypted version.
In skype we get a cheaper phone call, and there
is only the encrypted version.
The problem with PGP is that there is no loss
leader in it, and it is possible to turn it off.
Same with SSL. So that's what people do - they
say no.
iang
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list