[148329] in cryptography@c2.net mail archive


Re: [Cryptography] Can a machine do trusted public key management?

daemon@ATHENA.MIT.EDU (Bryan Price)
Sat Nov 30 15:52:55 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <alpine.LFD.2.02.1311301856390.7255@laptop.kerry-linux.ie>
From: Bryan Price <bytehead@gmail.com>
Date: Sat, 30 Nov 2013 14:56:03 -0500
Cc: Cryptography <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Sat, Nov 30, 2013 at 1:01 PM, Ralf Senderek <crypto@senderek.ie> wrote:

> On a different thread bear wrote:
>
>> I'm pretty firmly of the opinion that your grandparents ought not be
>> required to understand asymmetric key crypto in order to use it.
>
> Can the universal crypto box (UCB) take the responsibility from its users
> to perform proper key management? I don't think so.

I think it is a requirement that people do not have to understand any part
of crypto to be able to use it.

Do we really need email users to have any kind of understanding of SMTP or
POP3 to be able to use email?  Nope.  Setting up Thunderbird or another
mail client isn't too hard to do; the user generally gets told what server
to put in, what port to connect to, how to connect to that port, where to
put in their user name and where to put in their password.  The only things
they really understand are their user name and password, and maybe the
server.  Users of Gmail.com, Outlook.com, Yahoo.com and other web email
services don't even have to deal with that.  Users do not have to
understand DNS lookup of MX records, let alone understand that DNS even has
a role, or that a session starts with EHLO.

Crypto has to be at least as simple to the user if it is to be used by
everyone.

> If - on the other hand - we burden the user of the UCB with the job of
> proper key management, that does not necessarily mean that he needs to
> become an expert.

We can't keep users from sharing email passwords or using the same passwords
across different accounts (mail or otherwise), nor get them to make sure that
they have strong passwords to begin with; do you really think they are going to
do a proper job of key management?  Key management is going to have to be
brain dead.  Because most users will act as if they are brain dead.

First time to post, been lurking awhile.
