[Cryptography] Explaining PK to grandma

Wendy M. Grossman wendyg at pelicancrossing.net
Fri Nov 29 15:02:40 EST 2013


On 11/27/2013 15:03, Ralf Senderek wrote:
> 
> Jerry Leichter wrote:
> 
> Imagine Granny has a little box next to her computer that does all
> the nasty crypto stuff she does not need to know about. Let us call
> it the crypto pi. All she can do is plug a memory stick in to feed the
> box some texts and pull another second memory key out to carry her
> encrypted text off to her lappy.
> 
> What does the crypto pi have to do?
> 
> 1) generate an RSA key pair for her, store the public part on the
>    (output) memory stick.
> 2) check for new text on the input, try to find the public key for a
>    recipient.
>    Granny only says who it should be, giving an email address.
> 3) If found, use the public key on the text and write the encrypted result
>    to the other memory stick. Inform Granny that the encryption is ready.
> 4) Check the input stick for new encrypted texts Granny might have stored,
>    decrypt them with the private key inside the crypto pi.
>    Granny does not know it even exists.
> 
> What's left to do for Granny?
> 
> 1) Give her "thing" (from the output stick) to everyone who might send her
>    secure mail.
> 2) Store incoming "secure mails" on the input stick and feed it to the
>    box.
> 3) Store her messages on the input stick under the name of the intended
>    recipient's email address.
>    (finding the trustworthy pubkey is the pi's job)
> 4) Send the encrypted result to the email address.
> 
> I'd argue that even if such a box existed, finding a trustworthy public
> key to a given email address is not something we can take off of Granny's
> shoulders and delegate it to the box.
> 
> So there is another task for Granny:
> 
> 5) Do good key management for the box.
>    And this cannot be done without knowing about the risks and taking
>    appropriate action.

Well, it seems to me Grandpa has bigger problems (because Granny uses
real email to communicate with the family while organizing summer
outings to ballet for 20):

1) For email, Grandpa uses Webmail. The service he uses doesn't offer an
easy way to plug in crypto.

2) But for most of his personal messaging Grandpa uses Facebook because
he finds that his grandkids regard email as something you only use if
forced.

3) Where Granny is actually pretty good with the computer because she
kept the books for her church for several decades, Grandpa had a
secretary and hasn't a clue. So Granny can learn, but Grandpa struggles
so much that his son has set up the machine so when he turns it on
everything loads automatically and logs him in.

For a fair number of people, getting them to use crypto will require
them to change their daily habits: the email software they use, the
service they use, even their address. I think you're underestimating the
amount of upheaval - and consequently overestimating people's
willingness to take it on. For the vast majority of people, email isn't
email as *we* think of it.

wg
P.S. I am really fed up with elderly females always being the go-to
example of the clueless user.
-- 
www.pelicancrossing.net <-- all about me
Twitter: @wendyg
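
An added example, not part of the original messages: a sketch of the key lookup in the quoted box steps 2 and 3, with the out-of-band confirmation that task 5 leaves to Granny. The class and function names and the key bytes are hypothetical, and keys are handled as opaque bytes (no RSA is performed).

```python
import hashlib


class UntrustedKey(Exception):
    """The box holds no confirmed key for this recipient."""


def fingerprint(pubkey: bytes) -> str:
    """First 128 bits of SHA-256 over the key bytes, grouped for reading aloud."""
    digest = hashlib.sha256(pubkey).hexdigest()[:32]
    return " ".join(digest[i:i + 4] for i in range(0, 32, 4))


def _squash(text: str) -> str:
    return "".join(text.lower().split())


class KeyRing:
    def __init__(self):
        self._candidates = {}  # email -> key the box found, not yet trusted
        self._trusted = {}     # email -> key confirmed out of band

    def learn(self, email: str, pubkey: bytes) -> str:
        """Box step 2: a key was found for this address; report its status."""
        email = email.strip().lower()
        known = self._trusted.get(email)
        if known == pubkey:
            return "unchanged"
        self._candidates[email] = pubkey
        # A different key for a confirmed address is never swapped in silently.
        return "conflict" if known is not None else "pending"

    def confirm(self, email: str, spoken: str) -> bool:
        """Task 5: compare with the fingerprint the recipient read out."""
        email = email.strip().lower()
        candidate = self._candidates.get(email)
        if candidate is None or _squash(fingerprint(candidate)) != _squash(spoken):
            return False
        self._trusted[email] = self._candidates.pop(email)
        return True

    def key_for(self, email: str) -> bytes:
        """Box step 3: only a confirmed key may be used to encrypt."""
        email = email.strip().lower()
        if email not in self._trusted:
            raise UntrustedKey(email)
        return self._trusted[email]
```

The box can automate `learn` and `key_for`; only `confirm` needs a person who has heard the fingerprint from the recipient over some other channel.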

