From: Ernest Hua <hua@chromatic.com>
Date: Wed, 31 Jan 1996 07:43:00 +0800
To: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <ad32cd9601021004af4e@[132.162.233.188]>
Message-ID: <199601301936.LAA01260@chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> This is the first net distributed "security alert" distributed that
> I've noticed, with almost no real content.  No one who knows a bit about
> computer security learned anything they didn't already know from that
> "alert".  Rather, it was distributed in the _form_ of a CERT-like alert,

This sort of remark is just uncalled for.  The point NSB made in his
message was precisely that the average person does NOT know anything
about computer security.

While his alert is not necessarily designed for the audience on this
list, it is worth paying attention to because it brings up issues
which this list has had to deal with many times in the past.  One
classic example is usability of PGP.  If PGP is so good for the
masses, why aren't they just flocking to it.  The problem is that it
is more than just point and click.  User interfaces designed for the
masses go through endless hours of reviews dealing with "one click
or two" issues.  We can up the snobbery level and say, "if you
cannot take the time to protect your E-mail, then you deserve to
have your mail spied upon."

But I was under the impression that cypherpunks are supposed to lead
the way, not cut loose and run.

Ern