Five Theses on Security Protocols

Adam Fields cryptography23094893 at aquick.org
Mon Aug 2 11:29:32 EDT 2010


On Sat, Jul 31, 2010 at 12:32:39PM -0400, Perry E. Metzger wrote:
[...]
> 3 Any security system that demands that users be "educated",
>   i.e. which requires that users make complicated security decisions
>   during the course of routine work, is doomed to fail.
[...]

I would amend this to say "which requires that users make _any_
security decisions".

It's useful to have users confirm their intentions, or notify the user
that a potentially dangerous action is being taken. It is not useful
to ask them to know (or more likely guess, or even more likely ignore)
whether any particular action will be harmful or not.

-- 
				- Adam

---------------------------------------------------------------------
The Cryptography Mailing List