[148443] in cryptography@c2.net mail archive
Re: [Cryptography] Size of the PGP userbase?
daemon@ATHENA.MIT.EDU (Jon Callas)
Fri Dec 13 15:40:08 2013
X-Original-To: cryptography@metzdowd.com
From: Jon Callas <jon@callas.org>
In-Reply-To: <CAMm+LwjRwMBmz1ESajyykzbzBRQgq884HjfcivN_ZCm9+=cE+A@mail.gmail.com>
Date: Fri, 13 Dec 2013 11:19:05 -0800
To: Phillip Hallam-Baker <hallam@gmail.com>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>,
Jon Callas <jon@callas.org>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Dec 12, 2013, at 7:19 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote:
> What has changed here is Snowdonia has arrived.
>
> This may not be the most relevant response to Snowden but it is the crypto deployment that gives the end user the most security for the least effort.
Please don't think I am trying to discourage you. You're doing something fantastic here. I'm only trying to give some hints based on my own successes and failures.
The major reason email security has failed is that crypto is easy, user experience is hard. The developments have focused on the crypto, and only then on the UX. Even the best ones fall down on the most important parts of UX, the initial experience.
Every place I have succeeded, it's because we started with the UX and made the crypto work. The places where we let the crypto trump the UX, we failed.
Snowdonia is giving a spur to lots of people to finally get off their asses and do something. However, if they think to themselves, "Well, the NSA isn't after *me*..." then we're back where we were.
Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: iso-8859-1
wj8DBQFSq12qsTedWZOD3gYRAquSAJ4tUO+gm01Ccttp7H6VLyJ8jU9kvACg+Fbv
4QULkM5zLwNGVhX1K7CPIpY=
=9JZu
-----END PGP SIGNATURE-----
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
