[Cryptography] Explaining PK to grandma

Jerry Leichter leichter at lrw.com
Thu Nov 28 07:30:39 EST 2013


On Nov 27, 2013, at 4:39 PM, Phillip Hallam-Baker wrote:
> *But*, there is one thing that may need, not so much "explanation" in the sense of conveying a deep understanding, as "training".  Somehow, a user of secure email has to know how to get a key for themselves; how to move that key to different machines;
> 
> No!
>  
> All the user needs to know is how to configure their email on a different machine. If it takes more than giving the machine the address of the account and authorizing the new machine to connect to it then it has failed.

I'm not sure what you are saying here.  "Authorizing the new machine" is just "how to move the key to a different machine" in different words.  OK, it says it even more broadly than I did, but you can't get *too* broad without losing important distinctions.  The person undertaking the actions has to understand that some actions make the encrypted text visible, so are not to be undertaken lightly.  If you really use the words "authorizing the machine", you're putting the emphasis in the wrong place:  The machine.  Who cares about the machine?  What matters is what *people* you've implicitly authorized through this action.  Handing your car keys to someone isn't about the keys - it's about who can drive away in your car.

> that they must *not* give that key to anyone else.
> 
> No! No!
> 
>  
> Make the scheme so that Grandma can't give her key to someone else without a great deal of effort.

No disagreement on the general principle:  Design that system so that it's easy to do the right thing and hard to do the wrong thing.  But, again, you can't remove all choice in the matter.  To take an extreme example, there must be a way to make the key accessible to heirs - or *not* make it accessible to heirs.  The holder of the key must have a reasonable understanding of what it would mean either way, and a straightforward mechanism for making the choice.

A useable system presents useful choices and actions in terms and with semantics that are appropriate and meaningful - where "useful", "appropriate" and "meaningful" are judged by those who use the system, not those who designed it.  Perhaps there's a role for a system with even fewer choices than I outlined, though personally I find it hard to see except in very limited circumstances.
                                                        -- Jerry
