1995-12-11 - Usability of Cryptography (was Re: More FUD from First Virtual)

Header Data

From: Nathaniel Borenstein <nsb@nsb.fv.com>
To: Adam Shostack <ecarp@netcom.com
Message Hash: 5fa356d93b4f2bf19750e3266157de6786888bb46216706995325495013f0739
Message ID: <Ikn1ZhGMc50eA2iscn@nsb.fv.com>
Reply To: <199512102134.PAA19064@khijol>
UTC Datetime: 1995-12-11 21:33:24 UTC
Raw Date: Tue, 12 Dec 1995 05:33:24 +0800

Raw message

From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Tue, 12 Dec 1995 05:33:24 +0800
To: Adam Shostack <ecarp@netcom.com
Subject: Usability of Cryptography (was Re: More FUD from First Virtual)
In-Reply-To: <199512102134.PAA19064@khijol>
Message-ID: <Ikn1ZhGMc50eA2iscn@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail.nonpersonal: 10-Dec-95 Re: More FUD from First Vir..
"Ed Carp"@netcom.com (5360)

>  IMO, taking 
> the complexity out of the key management process will almost 
> certainly lead to designers and programmers making bad decisions 
> about how the process should work

This is exactly right.  In fact, it isn't even just bad programmer
decisions; some of the complexity is really inherently needed for
security.  PGP's notion of who you trust to certify keys, for example,
confuses the heck out of naive users, who want to "trust" anyone they
believe is a good person, not just people they believe are sophisticated
enough to sign keys.  It's really hard to explain to some people why
they should say, "No, I don't trust Grandma."

What a lot of people don't seem to realize is that, in crypto software,
there is a fundamental tradeoff between usability and security.  You can
simplify PGP (or similar software) to the point where it's easy to deal
with key management, but it will then be far more susceptible to
compromise.

Key management is the Achilles heel of crypto-for-the-masses.  I know
there are some people who want to shoot the messenger, and who think
that by stating this fact, I am declaring myself an opponent of
cryptography, but the fact is that my company has been using PGP very
heavily internally for almost 2 years, and we think we've managed our
keys securely, but it has taken a lot of effort and user education.  The
experience has left us more skeptical than ever about secure key
management by and for millions of non-technical customers.
--------
Nathaniel Borenstein <nsb@fv.com>       | (Tense Hot Alien In Barn)
Chief Scientist, First Virtual Holdings | VIRTUAL YELLOW RIBBON:
FAQ & PGP key: nsb+faq@nsb.fv.com       | http://www.netresponse.com/zldf





Thread