When encryption is also authentication...

Graham Lally scribe at exmosis.net
Wed May 29 09:40:26 PDT 2002

Mike Rosing wrote:
 > If digital crypto, signatures or e-cash are going to get into mass appeal,
 > then their operations will be "magic" to the majority.  And it all has to
 > work, to 1 part in 10^8th or better, without user comprehension.
> It may well take "user intervention" to create a signature, but they
> shouldn't have to know what they are doing.

Agreed, the mechanics of a system are unimportant from a user's point of view, 
so long as it works and they can work it. What magic crypto should strive for, 
though, is an understanding in users of the effects its presence promotes, and 
the ramifications involved when it is lacking.

SSL for commerce is readily in place without batting an eyelid these days. 
However, I'd be interested to know just how many users out there would enter 
their card details on an unprotected site, despite the unclosed padlocks and the 
alert boxes. Have security fears and paranoia been abated by widespread crypto 
to the point whereby users will happily transmit private data, whether encrypted 
or nay, just because they *perceive* the threat to now be minimal? Now that the 
media has grown tired of yet-another-credit-card-hack story?

Pointers to any evidence/research into this much appreciated... ta.


More information about the cypherpunks-legacy mailing list