On 2011-07-13 7:24 AM, Zooko O'Whielacronx wrote:
On Tue, Jul 12, 2011 at 11:10 AM, Hill, Brad<bh...@paypal-inc.com> wrote:
I have found that when H3 meets deployment and use, the reality too often becomes:
"Something's gotta give." We haven't yet found a way to hide enough of the
complexity of security to make it free, and this inevitably causes conflicts with goals
like adoption.
This is an excellent objection. I think this shows that most crypto
systems have bad usability in their key management (SSL, PGP). People
don't use such systems if they can help it, and when they do they
often use them wrong.
Considering how often engineers have screwed up key management, asking
end users to manage keys is guaranteed to fail.
All new systems combine key management with address management, so that
the user faces no extra clicks to keep his keys in sync with his
addresses. For example a bitcoin address looks like
1Kaa6Y7F61aQER8jZBoBtfEVscAQ1KjAGk (a petname is associated with each
address)
and a tor hidden service looks like
http://ianxz6zefk72ulzz.onion/index.php (Tor relies on the Mozilla
bookmarking system for petnames, while bitcoin has its own address
management UI to enter petnames)
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
