[Cryptography] Explaining PK to grandma

Phillip Hallam-Baker hallam at gmail.com
Wed Nov 27 16:39:19 EST 2013


On Wed, Nov 27, 2013 at 10:03 AM, Ralf Senderek <crypto at senderek.ie> wrote:

>
> Jerry Leichter wrote:
>
>> *But*, there is one thing that may need, not so much "explanation" in the
>> sense of conveying a deep understanding, as "training".  Somehow, a user of
>> secure email has to know how to get a key for themselves; how to move that
>> key to different machines;
>
>
No!

All the user needs to know is how to configure their email on a different
machine. If it takes more than giving the machine the address of the
account and authorizing the new machine to connect to it then it has failed.


>> that they must *not* give that key to anyone else.
>
>
No! No!


Make the scheme so that Grandma can't give her key to someone else without
a great deal of effort.


> Imagine Granny has a little box next to her computer that does all
> the nasty crypto stuff she does not need to know about. Let us call
> it the crypto pi. All she can do is plug a memory stick in to feed the
> box some texts and pull another second memory key out to carry her
> encrypted text off to her lappy.
>

I think you are talking about the scheme that people like us might use.
Unless Grandma is running a revolutionary cell, I don't think we need to go
quite that far.

I certainly agree that for a particular class of user we want to lock it
down that well. But not for Grandma.


The NSA can't compromise every endpoint without being noticed. The more
times they get noticed, the more likelihood of an investigation eventually
taking place. And if that ever happens there is no knowing where it might
end up.



-- 
Website: http://hallambaker.com/