Steven M. Bellovin wrote:

Certainly, usability is an issue. It hasn't been solved because there's no market for it here; far too few people care about email encryption.

Usability is the issue.  If I look over onto
my Skype window, it says there are 5 million
or so users right now.  It did that without
any of the hullabaloo of the other systems,
and still manages to encrypt my comms.  By
some measures it is the most successful crypto
system ever.

Over on Ping's site there is this little essay
about something or other:

http://usablesecurity.com/2006/02/08/how-to-prevent-phishing/

Which starts out:

  "So, right up front, here is the key property of this proposal:
   _using it is more convenient than not using it_. "

Which relates back to Kerckhoffs' 6th principle.

To add to that:

To get people to do something they will say "no"
to, we have to give them a freebie, and tie it
to the unpleasantry.  E.g., in SSH, we get a better
telnet, and there is only the encrypted version.
In Skype we get a cheaper phone call, and there
is only the encrypted version.

The problem with PGP is that there is no loss
leader in it, and it is possible to turn it off.
Same with SSL.  So that's what people do - they
say no.



iang

---------------------------------------------------------------------
The Cryptography Mailing List