[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

The future will be easy to use



Here's a quote from Bill Gates' book:

   The mechanism that will make this possible is based on
   mathematical principles, including what are called
   "one-way functions" and "public-key encryption." These
   are quite advanced concepts, so I'm only going to touch
   on them. Keep in mind that regardless of how complicated
   the system is technically, it will be extremely easy for
   you to use. You'll just tell your information appliance
   what you want it to do and it will seem to happen
   effortlessly.

(Thanks to the anonymous person who typed it in)

   We may not all like Bill Gates, and some of us even boycott his 
software, but we must admit he is a very shrewd businessman and knows 
which side of his toast is buttered. I think this paragraph is right on 
the mark. The competition for which cryptographic protocol wins will be 
decided on the basis of usability.

   The "dark forces" are no doubt aware of this fact, and have already
made some advances in this area. One example is the Fortezza card. 

   If cypherpunks are to have any hope of getting their vision of strong 
crypto implemented and deployed, it has to be in the context of usable 
systems.

   Form this perspective, let's take a look at the recent thread on
"establishing trust." Carl Ellison advocates the MOSS alias system. My
understanding of this system is that individual users associate "aliases" 
with public keys. If done right, it can work well. However, from a
usability perspective, it is just one more trouble spot. 
   First, on what basis will users decide which keys are worthy of being
assigned which aliases? Public keys are big hunks of base64 encoded
gibberish. They are difficult to present in a user interface, difficult 
to communicate in alternate, known secure channels (such as telephone 
calls and face to face communication). There is no way that a person 
could memorize one.
   The other issue is how much time and energy the user has to spend 
keeping the alias database up to date. There is no way to communicate 
securely with anyone who's not in the database. If the user is 
communicating with a large number of people, then it's very tempting to 
get sloppy.

   There's no way around it. This kind of system will not make it in the 
big time. As I see it, any system that does must have the following 
properties:

   * Some variant on the Web of Trust.

   * Online key-servers for getting keys in real time.

   * A clean mechanism for validating keys through alternate channels.

   There are three possible outcomes: we build it, the NSA builds it, or 
Microsoft/Netscape builds it. This last outcome might not be so bad, but 
only in the first one can we rely on our principles being advanced.

Raph