what is killing PKI?

Landon Hurley ljrhurley at gmail.com
Wed Aug 29 21:14:50 CEST 2012

On 08/29/2012 10:18 AM, Mark H. Wood wrote:
> On Wed, Aug 29, 2012 at 12:00:22AM -0400, Landon Hurley wrote: 
> [snip]
>> The barrier is solely cultural, not technical. Enigmail,
>> Thunderbird and gpg4win are trivial to set up. The first time I
>> did it, it was on the phone, talking someone through it. So we
>> either need to invent some sort of massive threat perception to
>> unite everyone to adopt PKI, or just continue to push it as a
>> grass roots movement. Or if some kind person would like to
>> introduce a viable third option, I think a decent portion of
>> humanity would owe him/her a debt. On the other hand, I'm
>> advocating a rather heavy handed, Platonian, do it for people's
>> own good even if they don't like it/decide they need it, so I'm
>> sure at least some, or even most, will disagree as well. I will
>> add my confession to the pile of selfish reasons to want to have
>> PKI become widespread.
> I'm not sure that the average person's current mode of living
> really exposes him to a threat big enough to take seriously.
> Rather than a threat of actual loss, I feel that we face an
> opportunity cost: there are things we could do differently,
> arguably better, if we could do them securely via electronic
> media.
>
> We simply wouldn't think of discussing possibly embarrassing
> personal matters with our doctors by email, even if the doctors
> would agree to, so we don't ask.  We still carry around
> hand-scrawled prescriptions, or cross our fingers and hope that the
> doctor's FAX calls to the pharmacy are really secure, when we could
> (given the infrastructure) get a (long!) number that can be
> verified as coming from the doctor, verified to still say what he
> said, and unlocked only with our personal smart card and PIN.
> (Also it would have to be typewritten, so it wouldn't be so hard to
> interpret. :-) We could do e-commerce without worrying about our
> trading partners' losing a truckload of backup tapes or being
> massively compromised from afar, because we would never give them
> any secrets worth stealing.  We could manage a handful of
> certificate passwords instead of a thousand website passwords.  We
> could probably do a lot of other stuff that I haven't thought of
> because, in our present nearly-naked condition, it's unthinkable.
>
> Individuals wouldn't be the only beneficiaries.  The first bank in
> town to offer free or discounted certificates *and* more-secure 
> e-banking would have a competitive advantage.  The first e-tailer
> to offer security the others can't touch should win the business
> of consumers who are worried by all the "'hackers' capture 200,000 
> passwords" stories in the papers.  The doctor or lawyer who adopts
> a pervasive records security plan (of which customer
> communications would be but a part) should be able to negotiate
> lower insurance premiums.  It seems to me that people are leaving
> money on the table all over.
Sorry, I was using the term threat and cost of not utilizing an
opportunity interchangeably in my head. I completely agree with you,
there are things I also had a thing about businesses originally in
there, and dropped it because I didn't want to throw even more text in
one email. Again, completely agree.

As for your second paragraph, I don't even trust my pharmacy to
actually act upon stuff they receive in some cases. I wish they could
actually be secure, but I don't anticipate it. I honestly wish I could
change from a mail order company.

I do have a question about where you talk about backups though. How
does PKI prevent backup loss?

-- 
Violence is the last refuge of the incompetent.