what is killing PKI?

John Clizbe John at enigmail.net
Sat Aug 25 01:13:54 CEST 2012

Robert J. Hansen wrote:
> On 08/24/2012 08:24 AM, peter.segment at wronghead.com wrote:
>> I propose to you (and to the people who are putting all that hard
>> work into gpg) that there are actually two "things killing PKI":
> At risk of sounding dismissive, I really don't care what your pet theory
> is until such time as you get out into the field, do a formal usability
> study, write up the results and get them accepted to a peer-reviewed
> journal.  Once you do that, I will be happy to read your paper, give it
> due weight, and refer other people to it.
> Until then, the definitive work is "Secrecy, Flagging and Paranoia:
> Adoption Criteria in Encrypted Email," by Gaw, Felten and ... one other
> author, blanking on it right now.

       Gaw, S., Felten, E. W., and Fernandez-Kelly, P. 2006.
       Secrecy, flagging, and paranoia: adoption criteria in encrypted email.
       In Proceedings of the SIGCHI Conference on Human Factors in Computing
       Systems (Montreal, Quebec, Canada, April 22 - 27, 2006).
       R. Grinter, T. Rodden, P. Aoki, E. Cutrell, R. Jeffries, and
       G. Olson, Eds. CHI '06. ACM, New York, NY, 591-600.
       DOI= http://doi.acm.org/10.1145/1054972.1055069

Available at: http://www.soe.ucsc.edu/classes/cmps223/Spring09/Gaw%2006.pdf

I would also add

       Garfinkel, S. L., Margrave, D., Schiller, J. I., Nordlander, E.,
       and Miller, R. C. 2005. How to make secure email easier to use.
       In _Proceedings of the SIGCHI Conference on Human Factors in Computing
       Systems_ (Portland, Oregon, USA, April 02 - 07, 2005).
       CHI '05. ACM, New York, NY, 701-710.
       DOI= http://doi.acm.org/10.1145/1054972.1055069

Available at: http://simson.net/ref/2004/chi2005_smime_submitted.pdf

And a perennial favorite:

       Steve Sheng, Levi Broderick, Colleen Alison Koranda, and Jeremy J.
       Hyland. Why Johnny Still Can’t Encrypt: Evaluating the Usability of
       Email Encryption Software. Poster session, 2006 Symposium On Usable
       Privacy and Security, Pittsburgh, PA, July 2006.

And its predecessor:

       Alma Whitten and J.D. Tygar. Why Johnny Can’t Encrypt: A Usability
       Evaluation of PGP 5.0. In Proceedings of the 8th USENIX Security
       Symposium, Washington, DC, August 1999.

> Everyone on this mailing list has their own pet theory for why PKI
> adoption is so lousy.  All of us are probably wrong.  However,
> published, peer-reviewed studies of PKI adoption and the forces driving
> and inhibiting them are probably less wrong.

The peer-reviewed literature has many, many references on this topic.
They're a great place to start when assumptions and pet theories take root.


John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP                  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
