[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: ::scr tales from the crypto

To: scr@xxxxxxxxxxxxxx
Subject: RE: ::scr tales from the crypto
From: Dan Argent <dan@xxxxxxxxxxxxxxxxxxxx>
Date: Mon, 22 Apr 2002 09:42:10 +0100
List-archive: <http://thegestalt.org/pipermail/scr/>
List-help: <mailto:scr-request@thegestalt.org?subject=help>
List-id: just zis list, ya know? <scr.thegestalt.org>
List-post: <mailto:scr@thegestalt.org>
List-subscribe: <http://thegestalt.org/mailman/listinfo/scr>, <mailto:scr-request@thegestalt.org?subject=subscribe>
List-unsubscribe: <http://thegestalt.org/mailman/listinfo/scr>, <mailto:scr-request@thegestalt.org?subject=unsubscribe>
Reply-to: scr@xxxxxxxxxxxxxx
Sender: scr-admin@xxxxxxxxxxxxxx

> But Matt's original question was how to get it working for 
> John and Jane
> Noclue who have neither the nous nor the inclination to get 
> into the itty
> gritty. The seamless implementation is all important here. Having the
> recipient open up a message and find out s|he can't decrypt 

I think that's part of the problem. If the users have to DO something, then
they realise that something is going on behind the scenes. 

Every user understands about passwords, even if they choose noddy ones. 
I think hiding the way things work is another "security through obsucurity"
thing.

Of course you don't want the users to perform the encryption themselves with
a paper and a pen, but they should at least be being informed about the key
exchange, and communication with the server and be asked to okay it.

dan

Prev by Date: RE: ::scr tales from the crypto
Next by Date: Re: ::scr tales from the crypto
Previous by thread: Re: ::scr tales from the crypto
Next by thread: Re: ::scr tales from the crypto
Index(es):
- Date
- Thread