what is killing PKI?
David Chadwick
d.w.chadwick at kent.ac.uk
Sat Aug 25 14:28:50 CEST 2012
Another paper is
Identifying and Overcoming Obstacles to PKI Deployment and Usage
by Steve Hanna, available from
middleware.internet2.edu/pki04/proceedings/action_plan.pdf
regards
David
On 25/08/2012 00:13, John Clizbe wrote:
> Robert J. Hansen wrote:
>> On 08/24/2012 08:24 AM, peter.segment at wronghead.com wrote:
>>> I propose to you (and to the people who are putting all that hard
>>> work into gpg) that there are actually two "things killing PKI":
>>
>> At risk of sounding dismissive, I really don't care what your pet theory
>> is until such time as you get out into the field, do a formal usability
>> study, write up the results and get them accepted to a peer-reviewed
>> journal. Once you do that, I will be happy to read your paper, give it
>> due weight, and refer other people to it.
>>
>> Until then, the definitive work is "Secrecy, Flagging and Paranoia:
>> Adoption Criteria in Encrypted Email," by Gaw, Felten and ... one other
>> author, blanking on it right now.
>
> Gaw, S., Felten, E. W., and Fernandez-Kelly, P. 2006.
> Secrecy, flagging, and paranoia: adoption criteria in encrypted email.
> In Proceedings of the SIGCHI Conference on Human Factors in Computing
> Systems (Montreal, Quebec, Canada, April 22 - 27, 2006).
> R. Grinter, T. Rodden, P. Aoki, E. Cutrell, R. Jeffries, and
> G. Olson, Eds. CHI '06. ACM, New York, NY, 591-600.
> DOI= http://doi.acm.org/10.1145/1054972.1055069
>
> Available at: http://www.soe.ucsc.edu/classes/cmps223/Spring09/Gaw%2006.pdf
>
> I would also add
>
> Garfinkel, S. L., Margrave, D., Schiller, J. I., Nordlander, E.,
> and Miller, R. C. 2005. How to make secure email easier to use.
> In _Proceedings of the SIGCHI Conference on Human Factors in Computing
> Systems_ (Portland, Oregon, USA, April 02 - 07, 2005).
> CHI '05. ACM, New York, NY, 701-710.
> DOI= http://doi.acm.org/10.1145/1054972.1055069
>
> Available at: http://simson.net/ref/2004/chi2005_smime_submitted.pdf
>
> And a perennial favorite:
>
> Steve Sheng, Levi Broderick, Colleen Alison Koranda, and Jeremy J.
> Hyland. Why Johnny Still Can’t Encrypt: Evaluating the Usability of
> Email Encryption Software. Poster session, 2006 Symposium On Usable
> Privacy and Security, Pittsburgh, PA, July 2006.
> http://cups.cs.cmu.edu/soups/2006/posters/sheng-poster_abstract.pdf
>
> And its predecessor:
>
> Alma Whitten and J.D. Tygar. Why Johnny Can’t Encrypt: A Usability
> Evaluation of PGP 5.0. In Proceedings of the 8th USENIX Security
> Symposium, Washington, DC, August 1999.
> http://bit.ly/OaEeTD
>
>> Everyone on this mailing list has their own pet theory for why PKI
>> adoption is so lousy. All of us are probably wrong. However,
>> published, peer-reviewed studies of PKI adoption and the forces driving
>> and inhibiting them are probably less wrong.
>
> The peer reviewed literature has many, many, references on this topic.
> They're a great place to start when assumptions and pet theories take root.
>
> http://scholar.google.com/scholar?q=email+encryption
>
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
More information about the Gnupg-users
mailing list