[messaging] User key lookup and the Web PKI analogy
bascule at gmail.com
Tue Aug 19 15:36:07 PDT 2014
On Tue, Aug 19, 2014 at 3:27 AM, Trevor Perrin <trevp at trevp.net> wrote:
> There may still be reasons to prefer a centralized system, or to use
> it in conjunction with other options. But I think that needs to be
> justified on better grounds than "it worked for the web"
It's easy to argue that the X.509 PKI used by the web has failed. However,
it has provided users with a relatively seamless system that provides a
barrier-to-entry for attacks. I'd place the emphasis on the former: by
being mostly seamless, your average non-technical user has been able to
partake of the security benefits in the common case, even if there are many
known attacks that can be targeted at specific users.
I would argue that a usable secure messaging system needs to seek a similar
level of seamless UX. Good security is like air: the only time you should
have to worry about it is when it's missing.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Messaging