> [EMAIL PROTECTED]
>
> "D. K. Smetters" <[EMAIL PROTECTED]> writes:
>
> > However, given the difficulty people have in managing keys in general,
> > building effective systems that allow them to manage key fragments is beyond
> > the range of most current commercial products.
>
> I think that's the perfect summary of the problem with threshold schemes.
> The processes they involve are simply too complex both to model mentally for
> users and to build an interface to.

Heck, even normal key management seems to be too much. Most real-world secure systems I have seen have a "leap of faith" aspect to them when distributing the first key (such as a CA or a login server's public key). Often MITM scenarios are not properly considered when distributing the session keys/certificates. Software ease-of-use/automation trumps properly done key management/user enrollment. It's a pity because often millions of people start using them before the serious problems start to crop up (like thievery or illegal wiretapping) and then it's too late to retrofit them properly (for example Skype seems to have made these types of mistakes).

- Alex

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]