[messaging] User key lookup and the Web PKI analogy

Tony Arcieri bascule at gmail.com
Tue Aug 19 15:36:07 PDT 2014

On Tue, Aug 19, 2014 at 3:27 AM, Trevor Perrin <trevp at trevp.net> wrote:

> There may still be reasons to prefer a centralized system, or to use
> it in conjunction with other options.  But I think that needs to be
> justified on better grounds than "it worked for the web"

It's easy to argue that the X.509 PKI used by the web has failed. However,
it has provided users with a relatively seamless system that provides a
barrier-to-entry for attacks. I'd place the emphasis on the former: by
being mostly seamless, your average non-technical user has been able to
partake of the security benefits in the common case, even if there are many
known attacks that can be targeted at specific users.

I would argue that a usable secure messaging system needs to seek a similar
level of seamless UX. Good security is like air: the only time you should
have to worry about it is when it's missing.

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140819/d17ae17c/attachment.html>

More information about the Messaging mailing list