Making the case for smart cards for the average user

[Robert J. Hansen]

> Of course smart cards aren't some kind of magic bullet, but if the 
> goal is to drive wider adoption of GnuPG and OpenPGP based 
> cryptography, I can't shake the feeling that smart cards are a huge 
> part of the answer. Thoughts?

(ObWarning: no facts, just opinions.)

I think the biggest problem we face, to be honest, is our conviction
that there's an answer out there and we just have to find it.  It seems
to me far more likely that it's like curing cancer -- if/when we finally
cure cancer, we won't cure cancer, because there is no single thing,
"cancer".  Cancer is a name we give to literally thousands of distinct
different diseases which have exactly one thing in common: uncontrolled
cell growth.  Leukemia isn't glioblastoma, and my wanting to keep my
email safe against sneaking sysadmins isn't the same as a human rights
worker in Syria who's living under persistent surveillance.

In a similar vein, I don't think we will ever reach "the answer" for
email crypto.  There are too many people with too many different use
cases, skill levels, threat models, needs, and so on.  Our obsession
with finding "the answer" seems to blind us to the possibilities of
making small positive changes in small communities, with the idea that
if we do this enough times, for enough small communities, we might be
able to make a difference overall.

So -- no, I actually don't hold out much hope for your project.  Smart
cards are not part of the answer, because I don't think there's an
answer to be had.

But smart cards could definitely be a part of many small answers.  :)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150313/0752916c/attachment.sig>