From: Raph Levien <raph@c2.org>
To: cypherpunks@toad.com
Message Hash: f3a7a88ea7307801e220ed33aae6d225b0a1764b33295a76d40d9bb69530bdcc
Message ID: <Pine.SUN.3.91.951127104220.6244B-100000@infinity.c2.org>
Reply To: N/A
UTC Datetime: 1995-11-27 19:33:05 UTC
Raw Date: Tue, 28 Nov 1995 03:33:05 +0800
From: Raph Levien <raph@c2.org>
Date: Tue, 28 Nov 1995 03:33:05 +0800
To: cypherpunks@toad.com
Subject: The future will be easy to use
Message-ID: <Pine.SUN.3.91.951127104220.6244B-100000@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain
Here's a quote from Bill Gates' book:
The mechanism that will make this possible is based on
mathematical principles, including what are called
"one-way functions" and "public-key encryption." These
are quite advanced concepts, so I'm only going to touch
on them. Keep in mind that regardless of how complicated
the system is technically, it will be extremely easy for
you to use. You'll just tell your information appliance
what you want it to do and it will seem to happen
effortlessly.
(Thanks to the anonymous person who typed it in)
We may not all like Bill Gates, and some of us even boycott his
software, but we must admit he is a very shrewd businessman and knows
which side of his toast is buttered. I think this paragraph is right on
the mark. The competition for which cryptographic protocol wins will be
decided on the basis of usability.
The "dark forces" are no doubt aware of this fact, and have already
made some advances in this area. One example is the Fortezza card.
If cypherpunks are to have any hope of getting their vision of strong
crypto implemented and deployed, it has to be in the context of usable
systems.
Form this perspective, let's take a look at the recent thread on
"establishing trust." Carl Ellison advocates the MOSS alias system. My
understanding of this system is that individual users associate "aliases"
with public keys. If done right, it can work well. However, from a
usability perspective, it is just one more trouble spot.
First, on what basis will users decide which keys are worthy of being
assigned which aliases? Public keys are big hunks of base64 encoded
gibberish. They are difficult to present in a user interface, difficult
to communicate in alternate, known secure channels (such as telephone
calls and face to face communication). There is no way that a person
could memorize one.
The other issue is how much time and energy the user has to spend
keeping the alias database up to date. There is no way to communicate
securely with anyone who's not in the database. If the user is
communicating with a large number of people, then it's very tempting to
get sloppy.
There's no way around it. This kind of system will not make it in the
big time. As I see it, any system that does must have the following
properties:
* Some variant on the Web of Trust.
* Online key-servers for getting keys in real time.
* A clean mechanism for validating keys through alternate channels.
There are three possible outcomes: we build it, the NSA builds it, or
Microsoft/Netscape builds it. This last outcome might not be so bad, but
only in the first one can we rely on our principles being advanced.
Raph
Return to November 1995
Return to “Raph Levien <raph@c2.org>”
1995-11-27 (Tue, 28 Nov 1995 03:33:05 +0800) - The future will be easy to use - Raph Levien <raph@c2.org>