private key protection

Mark H. Wood mwood at IUPUI.Edu
Tue Oct 18 16:59:10 CEST 2011

On Tue, Oct 18, 2011 at 04:23:42PM +0200, Jerome Baum wrote:
> While we're discussing the STEED proposal in the other thread, do you
> think it's better to educate your users and risk loosing them or do you
> think it's better to provide "sensible" defaults for the "average"
> threat model and assume they'll learn everything else over time and
> start tweaking?

I think we would be in error to think about "users" as a single class.

I usually try to educate lightly -- to make all users aware that there
is much more to learn, and to indicate how more learning might be to
their advantage.  Then provide sensible defaults, so that those who
choose to go no deeper will get some benefit, and in-depth
documentation for those who do choose to go deeper so that they can
reap the full benefit (or, at least, as much as each is willing to
work for).

I was pleased to see room for different classes of users in the STEED
paper.  When I encounter software that tries to be helpful, my own
first thought is:  how do I turn that off?  But I recognized long ago
that I was never a "typical" user and my own inclinations are no guide
to popularity. :-/

Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: </pipermail/attachments/20111018/3b2804ec/attachment.pgp>

More information about the Gnupg-users mailing list