[Cryptography] Explaining PK to grandma

Jon Callas jon at callas.org
Tue Nov 26 13:27:56 EST 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Nov 26, 2013, at 9:58 AM, Nico Williams <nico at cryptonector.com> wrote:

> I've already stated that I don't think e-mail can be secured.  That
> makes it easier to educate users: don't put much faith into what you get
> in your inbox.

I think we're in violent agreement, then.

> 
> As for IM and web services, the best we can hope for is for users to
> know that they're at least trusting the vendor of the app/device, and we
> should apply things like DANE and pinning (and stronger TLS) to get as
> close as possible to "secure" for those services.  That's reasonably
> feasible.  I doubt we'll do much better as to mass consumption.

I think you can do better than mere transport security. I think you can secure the content as well.

I also think there's a blur in messaging from IM into email. Once you go from simple texting to multi-media attachments, to having subject lines, to wanting to file things into folders, then you wake up and you have email again. And that's the way forward to get secure messaging.

	Jon


-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii

wj8DBQFSlOgssTedWZOD3gYRAjuoAKDbWpgsjUBXHFT4PklO+Xzg4LYZ4wCghoUX
xgLBwiD009MFxHfm+wnVjeo=
=ZKxA
-----END PGP SIGNATURE-----

