[95267] in cryptography@c2.net mail archive


Re: New article on root certificate problems with Windows

daemon@ATHENA.MIT.EDU (Ian G)
Thu Jul 19 18:57:50 2007

Date: Thu, 19 Jul 2007 18:10:38 +0200
From: Ian G <iang@systemics.com>
To: pgut001@cs.auckland.ac.nz
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, cryptography@metzdowd.com
In-Reply-To: <20070720024534.becq2x3qfsskc04g@webmail.cs.auckland.ac.nz>

pgut001@cs.auckland.ac.nz wrote:
> From a security point of view, this is really bad.  From a usability
> point of view, it's necessary.


I agree with all the above, including deleted.


> The solution is to let the HCI people into the design process, something
> that's very rarely, if ever, done in the security field [0].


To jump up and down ... if that was the solution, it would 
have been done by now :)

I would instead state that the solution was whatever Skype 
and SSH did.  And the opposite of whatever IPSec, SSL, 
Clipper, S/MIME, DRM, and all the other failures did.

HCI was one of the things, but others were as important: 
lack of open critique, service-before-security, 
crypto-for-free, total solution, narrow problem, etc.

iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
