On Sat, 2 Nov 2002, Tim May wrote: > PK crypto has made a lot of things a lot easier, but expecting it all > to work with a click of a button is naive. Of course, most of us don't > actually have secrets which make protocols and efforts justifiable. > There's the rub.
I expect it to work with the click of a button. If our goal is that crypto not be simply something for the "members of the cypherpunk crypto hackers club", and instead be a tool for the masses, used for the protection of information that they deem to be private (regardless of how "important" a secret it may be), then crypto applications *must* be as easy to use as AOL. Sacrificing the level of security provided is a reasonable option. If crypto apps are too hard to use, they provide no security, since they are not used. If there is no way to provide "military-strength" crypto in a "one-click" solution, then so be it. Does the average user need "military-grade" solutions to hide whatever secrets he may have? If ease of use isn't your concern, if foreign governments are your threats, if your budget allows for specially trained crypto operators, by all means -- deploy the ultra-secure and difficult to use cryptosystems. What's naive is trying to ram such products down the public's collective throat. Cryptographic solutions are not of "all or nothing" strength. I don't know why UI hasn't been the foremost priority of crypto vendors all along... --Len.
