[148275] in cryptography@c2.net mail archive


Re: [Cryptography] Explaining PK to grandma

daemon@ATHENA.MIT.EDU (Nico Williams)
Tue Nov 26 13:13:42 2013

X-Original-To: cryptography@metzdowd.com
Date: Tue, 26 Nov 2013 11:58:49 -0600
From: Nico Williams <nico@cryptonector.com>
To: Jon Callas <jon@callas.org>
In-Reply-To: <F029E45A-E2A6-4E99-BE40-72A7A17A21CA@callas.org>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Tue, Nov 26, 2013 at 09:44:51AM -0800, Jon Callas wrote:
> On Nov 26, 2013, at 9:17 AM, Nico Williams <nico@cryptonector.com> wrote:
> > But users have to understand the risks [inherent in driving a killing
> > machine such as a car, or sending sensitive data over any one
> > transport].
> > 
> > I believe users need to know, and be educated if need be, about scams
> > (e.g., phishing) and how to recognize when they are at risk.  Some
> > details necessarily bleed through the abstractions ("cars burn gas").
> 
> I hate to be blunt, but you're going to fail.

I've already stated that I don't think e-mail can be secured.  That
makes it easier to educate users: don't put much faith into what you get
in your inbox.

As for IM and web services, the best we can hope for is for users to
know that they're at least trusting the vendor of the app/device, and we
should apply things like DANE and pinning (and stronger TLS) to get as
close as possible to "secure" for those services.  That's reasonably
feasible.  I doubt we'll do much better as to mass consumption.

Nico
-- 
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
