[Cryptography] Explaining PK to grandma
Phillip Hallam-Baker
hallam at gmail.com
Thu Nov 28 13:50:11 EST 2013
On Thu, Nov 28, 2013 at 7:30 AM, Jerry Leichter <leichter at lrw.com> wrote:
> On Nov 27, 2013, at 4:39 PM, Phillip Hallam-Baker wrote:
>
> *But*, there is one thing that may need, no so much "explanation" in the
>>> sense of conveying a deep understanding, as "training". Somehow, a user of
>>> secure email has to know how to get a key for themselves; how to move that
>>> key to different machines;
>>
>>
> No!
>
> All the user needs to know is how to configure their email on a different
> machine. If it takes more than giving the machine the address of the
> account and authorizing the new machine to connect to it then it has failed.
>
> I'm not sure what you are saying here. "Authorizing the new machine" is
> just "how to move the key to a different machine" in different words.
>
The difference is that the machine might not have the key ever, merely the
ability to decrypt.
I got beaten up by MEZ for saying similar stuff about padlocks and green
bars when we did the UI work in the W3C, it really does make a difference.
We have to think in terms of user objectives, not mechanism.
For example, I have an iPhone, how much can I trust it? Well only to a
degree because I could easily lose it or it could get taken off me at an
airport by the type of government that does this.
http://upload.wikimedia.org/wikipedia/commons/4/4b/AbuGhraibAbuse-standing-on-box.jpg
So maybe it is better to not put the decryption key on the end point device
at all. Maybe it is safer in the cloud. Or maybe we use some sort of key
splitting scheme.
Going straight to a mechanism forecloses options that might turn out to be
simpler.
> OK, it says it even more broadly than I did, but you can't get *too* broad
> without losing important distinctions. The person undertaking the actions
> has to understand that some actions make the encrypted text visible, so are
> not to be undertaken lightly. If you really use the words "authorizing the
> machine", you're putting the emphasis in the wrong place: The machine.
> Who cares about the machine? What matters is what *people* you've
> implicitly authorized through this action. Handing your car keys to
> someone isn't about the keys - it's about who can drive away in your car.
>
I can walk instead of ride in a car but I can't do RSA at more than 512
bits in my head and I am not sure if I can do 512 any more.
So there is going to be a machine involved or machines even but Alice is
not a machine. The trust end points are people and organizations but the
technical implementation is machines.
--
Website: http://hallambaker.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131128/5b7e4ef0/attachment.html>
More information about the cryptography
mailing list