::scr tales from the crypto
Dan Argent
scr@thegestalt.org
Mon, 22 Apr 2002 09:42:10 +0100
> But Matt's original question was how to get it working for John and Jane
> Noclue who have neither the nous nor the inclination to get into the itty
> gritty. The seamless implementation is all important here. Having the
> recipient open up a message and find out s|he can't decrypt
I think that's part of the problem. If the users have to DO something, then
they realise that something is going on behind the scenes.
Every user understands about passwords, even if they choose noddy ones.
I think hiding the way things work is another "security through obscurity"
thing.
Of course you don't want the users to perform the encryption themselves with
a paper and a pen, but they should at least be being informed about the key
exchange, and communication with the server and be asked to okay it.
dan