what is killing PKI?

Mark H. Wood mwood at IUPUI.Edu
Thu Oct 4 16:59:16 CEST 2012

On Wed, Oct 03, 2012 at 09:19:13PM +0200, Stan Tobias wrote:
> Do we really have evidence people can't encrypt?  For me the "johnny"
> articles were not quite clear about it (they seemed to investigate 
> a different aspect).  I don't believe people are stupid.  They can
> learn to use cryptography, just as they have learned many other things
> in their lives.

I have anecdotal evidence that people *think* they can't.  Just this
week, my wife asked me how to change the passphrase on her PGP private
key.  Now, I would have expected this to be an easy, very visible
operation, and been thunderstruck if I should find it were not, but
whatever.  So I followed her to the computer and just sat there making
encouraging murmurs while she easily navigated Enigmail to the dialog
and did it.  If she had expected the software to be usable, she
wouldn't have needed me at all, because it is.

This isn't confined to crypto software.  A great many people have
acquired considerable skill with computers but little confidence
therein.  There seems to be a lingering expectation that you need a
team of experts to handle the unfamiliar.  Lots of people don't
realize that the experts have been and gone, that the result of good
engineering is that the engineer can go home and let you use the
machine without his oversight.

> Can you imagine a responsible person exchanging sensitive information,
> while not being certain what he does is safe?

Oh, yes.  We have no choice.  See any number of articles about thieves
copying out tens of thousands of *plaintext* passwords from some
e-tailer's systems, or boxes of *unencrypted* backup tapes lost.
Those businesses still have customers.  I think that one hope of the
encrypt-by-default camp is that, when enough people see encryption as
normal, these execrable blunders won't happen anymore.  Another
anecdotal data point: I am still flabbergasted to hear that people
design their systems that way -- to me, it's just *not normal*.

Or look at the dozen messages I get every day purporting to be from
some bank or ISP, telling me that I must send them my password right
away or Bad Things will happen.  Someone must actually respond to
these, or the bad guys wouldn't keep at it.  Probably responsible
people, but they don't know *how* to behave responsibly in this
context.  I wish our trading partners would crypto-sign all of their
emails, so that it could be simple for people to spot scams, and those
scams at least would lose value and disappear.

>  It's a matter of personal
> integrity, it's not enough to tell a user "click here and there, and
> you're fine"; we have to first convince ourselves what we do is right.
> The upshot is that you cannot make cryptography easier for users, they
> will have to study and understand it themselves anyway.

This much I agree with.  But I wonder why they don't.  We don't
have to understand how locks are made, but we do have to understand
how to use them.  And the vast majority of Joe Average Citizens do.
Billions of people have learned to use banks and checkbooks at least
somewhat securely.  I think one difference here is that one is taught
from an early age and *expected* to learn their proper use.

Another is that financial institutions are in the business (when they
can remember it) of keeping things safe, and won't interact with you
unless you follow procedures designed to promote that safety.  Few
find this unreasonable.

Heh, of course I want people to make good practical use of crypto.
Not doing so is costing me time and money.  It's costing them, too,
because I will dump my cart and walk away from an e-store if I think
their processes are too loose -- and I won't be back.  Ceteris
paribus, I would choose a medical practice which has good secure and
convenient IRM over one that doesn't, and I'm learning how to find
that out.  I will write and mail a paper check if I don't trust the
look of your online payment system.

I'm not a security expert, but somehow I realized that I need security
in the virtual world as in the physical world and I had better
understand how to get it.  If more people would cross that bridge, I
wouldn't have to work so hard, because more of the burden would be

Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Who also thinks locks are interesting.  I'm weird -- so what?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: </pipermail/attachments/20121004/a31225d8/attachment.pgp>

More information about the Gnupg-users mailing list