[148274] in cryptography@c2.net mail archive


Re: [Cryptography] Explaining PK to grandma

daemon@ATHENA.MIT.EDU (Jon Callas)
Tue Nov 26 12:51:16 2013

X-Original-To: cryptography@metzdowd.com
From: Jon Callas <jon@callas.org>
In-Reply-To: <20131126171750.GB21240@localhost>
Date: Tue, 26 Nov 2013 09:44:51 -0800
To: Nico Williams <nico@cryptonector.com>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Nov 26, 2013, at 9:17 AM, Nico Williams <nico@cryptonector.com> wrote:

> But users have to understand the risks [inherent in driving a killing
> machine such as a car, or sending sensitive data over any one
> transport].
> 
> I believe users need to know, and be educated if need be, about scams
> (e.g., phishing) and how to recognize when they are at risk.  Some
> details necessarily bleed through the abstractions ("cars burn gas").
> 
> When I tried out the padlock analogy yesterday, my audience got the
> MITM problem mainly when I mentioned relying on 411 as an online
> directory.  Finding analogies that make real risks evident to the
> uninitiated is important, provided we can find such analogies of course.


I hate to be blunt, but you're going to fail.

Teaching people the risks inherent in driving machines like cars has only happened because of legislation, active and passive regulation (insurance demands are passive regulation), and three generations of time.

Even something like seat belts in autos has this problem -- and the threat is *really* easy to understand: your face goes into the windshield. Without laws mandating it, the user uptake in seat belts is only about 15-20%.

You and I are in that group (at least for crypto), but we are the *vast* minority. The only thing that works is invisible, transparent crypto, and accepting the risks that implies. Add on to that continuous engineering and improvement -- heck, the same thing happened with cars to make them safer -- but even that only happened with regulation.

	Jon

