On 1/16/2017 10:15 AM, Razer wrote:
If you really need security a small learning curve is acceptable and attainable.
No it is not. And proof is that it is not in fact attained. Further a small learning curve is not needed. We can in fact have zero clicks security - placing the burden on designers and developers, not users. For example phishing could easily be abolished by making all passwords zero knowledge password protocol under the hood and placing logins in the chrome. Well, not easily because we would have to rewrite existing standards and redo much existing software, but easily for the end user, who would scarcely notice that anything had changed. Similarly, it is possible to ensure that the mapping between public keys and IDs looks the same for everyone in the world, preventing MIM attacks without burdening the user to manage his public keys himself.