
Excerpts from mail.nonpersonal: 10-Dec-95 Re: More FUD from First Vir.. "Ed Carp"@netcom.com (5360)
IMO, taking the complexity out of the key management process will almost certainly lead to designers and programmers making bad decisions about how the process should work
This is exactly right. In fact, it isn't even just bad programmer decisions; some of the complexity is really inherently needed for security. PGP's notion of who you trust to certify keys, for example, confuses the heck out of naive users, who want to "trust" anyone they believe is a good person, not just people they believe are sophisticated enough to sign keys. It's really hard to explain to some people why they should say, "No, I don't trust Grandma."

What a lot of people don't seem to realize is that, in crypto software, there is a fundamental tradeoff between usability and security. You can simplify PGP (or similar software) to the point where it's easy to deal with key management, but it will then be far more susceptible to compromise. Key management is the Achilles heel of crypto-for-the-masses.

I know there are some people who want to shoot the messenger, and who think that by stating this fact, I am declaring myself an opponent of cryptography, but the fact is that my company has been using PGP very heavily internally for almost 2 years, and we think we've managed our keys securely, but it has taken a lot of effort and user education. The experience has left us more skeptical than ever about secure key management by and for millions of non-technical customers.

--------
Nathaniel Borenstein <nsb@fv.com>       | (Tense Hot Alien In Barn)
Chief Scientist, First Virtual Holdings | VIRTUAL YELLOW RIBBON:
FAQ & PGP key: nsb+faq@nsb.fv.com       | http://www.netresponse.com/zldf