[Cryptography] Explaining PK to grandma

Nico Williams nico at cryptonector.com
Tue Nov 26 12:58:49 EST 2013


On Tue, Nov 26, 2013 at 09:44:51AM -0800, Jon Callas wrote:
> On Nov 26, 2013, at 9:17 AM, Nico Williams <nico at cryptonector.com> wrote:
> > But users have to understand the risks [inherent in driving a killing
> > machine such as a car, or sending sensitive data over any one
> > transport].
> > 
> > I believe users need to know, and be educated if need be, about scams
> > (e.g., phishing) and how to recognize when they are at risk.  Some
> > details necessarily bleed through the abstractions ("cars burn gas").
> 
> I hate to be blunt, but you're going to fail.

I've already stated that I don't think e-mail can be secured.  That
makes it easier to educate users: don't put much faith into what you get
in your inbox.

As for IM and web services, the best we can hope for is for users to
know that they're at least trusting the vendor of the app/device, and we
should apply things like DANE and pinning (and stronger TLS) to get as
close as possible to "secure" for those services.  That's reasonably
feasible.  I doubt we'll do much better as to mass consumption.

Nico
-- 

