On Saturday, January 3, 2015 8:15 AM, Joseph Bonneau <[email protected]> wrote:
> However, I think it's also possible (and indeed common) to > make a design error by assuming all users have the same values > as we do, or would "if only they knew" and therefore we should > try to force them into a high level of security. I certainly don't think that; I do think that we can achieve a very high level of security while not being any harder to use than some password synchronization services. > Personally, I think many users' desire for end-to-end security > ends well short of printing backup codes Quite likely. > or running a pairing > protocol that prevents them from instantly using a new device. Maybe. > If this is required to use multiple devices, I'm worried that > the result will be a large number of users signing up for some > new cloud service which manages a single private key for them > and lets them fetch their messages from any device (using > passwords and HTTPS), at which point end-to-end security is > gone. Sure. But that's not a good argument against designing a system which provides as good of security as is possible for users who do care. (Maybe there will need to be an "always be secure" checkbox at first...) - dlg _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
