[148260] in cryptography@c2.net mail archive


Re: [Cryptography] Explaining PK to grandma

daemon@ATHENA.MIT.EDU (Guido Witmond)
Tue Nov 26 11:30:51 2013

X-Original-To: cryptography@metzdowd.com
Date: Tue, 26 Nov 2013 10:42:20 +0100
From: Guido Witmond <guido@witmond.nl>
To: cryptography@metzdowd.com
In-Reply-To: <alpine.LFD.2.02.1311251311180.5107@laptop.kerry-linux.ie>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com


On 11/25/13 13:29, Ralf Senderek wrote:

> At that point granny will be crying out for something simpler, and we
> have to tell her that we cannot make it simpler.

We have to take cryptography out of the brain-loop of Granny.

The common requirement for people:

1  Don’t think, just click.
2  Someone else must protect me.
3  For free.

On 1: Users don’t want to be bothered with anything that stands in the
way of what they want to do. It won’t work.

On 2: Users assume that their computer keeps them safe from all harm. Or
their virus scanner. Or their ISP, or faceboogle, or their government.
But at the same time, these appointed chaperones must respect the
privacy of their entrusted appointees.

On 3: Of course, users don’t want to pay for anything.

One might call it unfair of these users, however, I don’t blame them.
It’s what has been promised time after time, albeit never delivered.
It’s time we are going to deliver that: /No-Brain Security and Privacy./


Notice the first point in 'On 2', they expect their computer to protect
them. Besides, they have already paid heavily for their new computer.

Here is my take on how to make it:

1  User learns about a site, perhaps via a search engine;
2  User browses site, reads a bit on it; decides to sign up;
3  User directs the agent to request a client certificate with a user
   chosen nickname (a different nickname for each site); it sounds
   complicated but is just a single click;
4  Site signs the certificate. The certificate bears the chosen
   nickname and the sitename.

The trust decision happens in step 2. It’s a typical users’ decision:
“I like it, and want to sign up.”

The system has to keep the user secure, protect their privacy, fight
against phishers, malware, MitM, BGP-rerouting.

Now let's build it.

Regards, Guido.

<plug> Or just use mine:
http://eccentric-authentication.org/blog/2013/11/24/end-user-trust-model.html
</plug>



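The enrolment in steps 3 and 4 of the message above, sketched with the `openssl` command line as an added example; it is not from the original post or from the eccentric-authentication project. The site name, the nickname, and the choice to carry the sitename as the issuer name of a per-site signing certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: per-site client certificate enrolment (steps 3 and 4).
# SITE and NICK are constructed values; the per-site CA layout is an assumption.
SITE="forum.example"
NICK="quietfox"

enroll() {
    dir=$(mktemp -d) || return 1
    # Site, done once: signing key plus a self-signed certificate named after the site.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$SITE" \
        -keyout "$dir/site.key" -out "$dir/site.crt" >/dev/null 2>&1 || return 1
    # Agent, step 3: a fresh key pair used for this site only, and a CSR
    # carrying the chosen nickname. The private key never leaves the agent.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$NICK" \
        -keyout "$dir/user.key" -out "$dir/user.csr" >/dev/null 2>&1 || return 1
    # Site, step 4: check the CSR self-signature (proof that the requester
    # holds the private key), then sign the certificate.
    openssl req -in "$dir/user.csr" -noout -verify >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$dir/user.csr" -CA "$dir/site.crt" \
        -CAkey "$dir/site.key" -CAcreateserial -days 90 -sha256 \
        -out "$dir/user.crt" >/dev/null 2>&1 || return 1
    echo "$dir"
}

# The certificate bears the nickname (subject) and the sitename (issuer).
cert_nickname() {
    openssl x509 -in "$1/user.crt" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}
cert_site() {
    openssl x509 -in "$1/user.crt" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//'
}
# The site can later recognise its own signature on a presented certificate.
chains_to_site() {
    openssl verify -CAfile "$1/site.crt" "$1/user.crt" >/dev/null 2>&1
}
# The certified public key is the one belonging to the agent's private key.
key_matches() {
    [ "$(openssl x509 -in "$1/user.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/user.key" -pubout)" ]
}

d=$(enroll) && echo "nickname: $(cert_nickname "$d")  site: $(cert_site "$d")" && rm -rf "$d"
```

Because each site gets its own key pair and nickname, two sites comparing the certificates they issued find no shared identifier for the same user.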
