Failure of PKI in messaging

[silvio]

Leichter, Jerry wrote:

> I think the whole notion of decentralizing *everything* has turned out
> to be a trap.  Yes, it makes for great cryptography and system design to
> find ways to do without a trusted third party.  But the resulting
> systems just don't fit the way people think and work.  Trust has
> *always* been based on personal contact

In human interactions trust is not based upon a centralized "authority"
either. So having a decentralized, inter-human solution such as PKI is
actually a lot closer to the natural ways of things, than the SSL
CA-based infrastructure.

The human touch is somewhat missing though and that's an implementation
issue. For example, one of the heavily underused features of GPG is the
picture ID. It'd make a lot more sense for non-geeks to see a picture of
their friend "message verified to come from [pic here]" than the more
obscure "Good signature from John Doe" which needs to be interpreted.
Likewise the mentioned use of colors, which would aid in intuitive
understanding of the authenticity and security of a message (or lack
thereof).

Silvio

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com