[Cryptography] Can a machine do trusted public key management?

Bryan Price bytehead at gmail.com
Sat Nov 30 14:56:03 EST 2013


On Sat, Nov 30, 2013 at 1:01 PM, Ralf Senderek <crypto at senderek.ie> wrote:

> On a different thread bear wrote:
>
>> I'm pretty firmly of the opinion that your grandparents ought not be
>> required to understand asymmetric key crypto in order to use it.
>
> Can the universal crypto box (UCB) take the responsibility from its users
> to perform proper key management? I don't think so.
>

I think it is a requirement that people do not have to understand any part
of crypto to be able to use it.

Do we really need email users to have any kind of understanding of SMTP or
POP3 to be able to use email?  Nope.  Setting up Thunderbird or another
mail client isn't too hard to do, the user generally gets told what server
to put in, what port to connect to, how to connect to that port, where to
put in their user name and where to put in their password.  The only things
they really understand are their user name and password, and maybe the
server.  Users of Gmail.com, Outlook.com, Yahoo.com and other web email
services don't even have to deal with that.  Users do not have to
understand DNS lookup of MX records, let alone understand that DNS even has
a role, or that a session starts with EHLO.

Crypto has to be at least as simple to the user if it is to be used by
everyone.

> If - on the other hand - we burden the user of the UCB with the job of
> proper key management, that does not necessarily mean that he needs to
> become an expert.


We can't keep users from sharing email passwords or using the same passwords
across different accounts (mail or otherwise), nor get them to make sure that
they have strong passwords to begin with. Do you really think they are going to
do a proper job of key management?  Key management is going to have to be
brain dead, because most users will act as if they are brain dead.

First time to post, been lurking awhile.