It's 2014. Are we there yet?
JPClizbe at tx.rr.com
Thu Apr 10 06:16:47 CEST 2014
Robert J. Hansen wrote:
>> The “secure communications” paradigm of course spans a whole spectrum
>> from “I don’t give a ****” to “I’ll do anything to protect my
>> communications, including giving away my first born”. I suspect the
>> “average Joe user” in 2014 is slightly above the former, but way below
>> the latter. Without going to the other end of the spectrum, what will
>> make adoption of secure communications a bit more palatable to the
>> “average Joe user”?
> Every year or so this subject comes up, and my answers are unchanged
> from last time: start by reading up on academic papers studying this
> exact problem. For a while John Clizbe and I kept a list of good
> papers, but I have to confess I haven't been keeping up on the latest
> literature. Still, our last list is pretty good reading.
> (These selections come from both John and me, but John is the one who
> assembled them into proper cite format -- thanks, John. For the
> original message, see "Re: what is killing PKI?" on this mailing list,
> posted on 24 Aug 2012.)
Oh yeah, THAT thread. There hasn't been much new work that I've seen.
Certainly nothing invalidating any of these.
The list along with available from links:
Gaw, S., Felten, E. W., and Fernandez-Kelly, P. 2006.
Secrecy, flagging, and paranoia: adoption criteria in encrypted email.
In Proceedings of the SIGCHI Conference on Human Factors in Computing
Systems (Montreal, Quebec, Canada, April 22 - 27, 2006).
R. Grinter, T. Rodden, P. Aoki, E. Cutrell, R. Jeffries, and
G. Olson, Eds. CHI '06. ACM, New York, NY, 591-600.
Available at: http://www.soe.ucsc.edu/classes/cmps223/Spring09/Gaw%2006.pdf
I would also add
Garfinkel, S. L., Margrave, D., Schiller, J. I., Nordlander, E.,
and Miller, R. C. 2005. How to make secure email easier to use.
In _Proceedings of the SIGCHI Conference on Human Factors in Computing
Systems_ (Portland, Oregon, USA, April 02 - 07, 2005).
CHI '05. ACM, New York, NY, 701-710.
Available at: http://simson.net/ref/2004/chi2005_smime_submitted.pdf
And a perennial favorite:
Steve Sheng, Levi Broderick, Colleen Alison Koranda, and Jeremy J.
Hyland. Why Johnny Still Can’t Encrypt: Evaluating the Usability of
Email Encryption Software. Poster session, 2006 Symposium On Usable
Privacy and Security, Pittsburgh, PA, July 2006.
And its predecessor:
Alma Whitten and J.D. Tygar. Why Johnny Can’t Encrypt: A Usability
Evaluation of PGP 5.0. In Proceedings of the 8th USENIX Security
Symposium, Washington, DC, August 1999.
> > Everyone on this mailing list has their own pet theory for why PKI
> > adoption is so lousy. All of us are probably wrong. However,
> > published, peer-reviewed studies of PKI adoption and the forces driving
> > and inhibiting them are probably less wrong.
The peer reviewed literature has many, many, references on this topic.
They're a great place to start when assumptions and pet theories take root.
2nd msg:Chatting with Kristen [Fiskerstrand], he pointed me to
Usability of Security: A Case Study. Alma Whitten and J. D. Tygar.
Carnegie Mellon University Computer Science technical report CMU-CS-98-155,
'The unmotivated user property' and 'The abstraction property' are
particularly worth noting and keeping in mind.
John P. Clizbe Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys at gingerbear.net?subject=HELP
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 475 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users