> the end-user understanding is the weak point

And often, specifically, key management. 

This, however, takes first prize as a key management fail.

Charles


-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Tony Harminc
Sent: Thursday, August 22, 2019 8:28 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: vendor distributes their private key

On Thu, 22 Aug 2019 at 11:06, Charles Mills <charl...@mcn.org> wrote:

> You might ask what part of *private* key they are having trouble 
> understanding.

See "Why Johnny Can't Encrypt" (1999)
https://pdfs.semanticscholar.org/389f/55c5c376db4ce1c88161dca98c329614faa8.pdf
and "Why Johnny Still Can't Encrypt" (2016)
https://arxiv.org/pdf/1510.08555  YouTube seems to have videos on
these topics, but I haven't looked at any of them.

The above are talking specifically about PGP, but many of the lessons
are common to other cryptosystems. The crypto is fine, but the
end-user understanding is the weak point. Sure, maybe they should be
crypto experts, but not every software developer is.

See also Ross Anderson's "Why Cryptosystems Fail".

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
