Messrs Anonymous' Crypto Literacy project is a worthwhile idea
but I found this reminder of the obstacles:


Excerpted from eweek 21 Aug 00 in quotes

"PKI Alternatives" p 20

"instead of applying security to all email, ala PKI, new solutions
allow users to apply the small amount of email that
requires security to a separate secure system"

Besides treating PKI-systems as a single system/UI, this is just
the wrong way to handle security.  A lot can be figured from plaintext
messages.

"We hide in plain sight... most people will spend their time sniffing
SMTP instead of HTTP"

Uh huh.

"Safeloop is a closed network of users who are able to exchange
secure messages" 

Proprietary, closed network, bub.

"Many in Blodeau's industry [health care] have assumed PKI would be
required to comply with HIPAA (Health Insurance Portability and
Accountability Act), but he said [Safeloop] is vastly less expensive
and has been deemed HIPAA-ready by federal officials"

One suspects the HIPAA discusses confidentiality and does not
require PKI.  No one needs PKI for confidentiality; it's a convenience.
And note the use of Fedz endorsement for Cover Your Ass purposes.

"But in health care, there's not the talent, money, patience nor trust
of computers really to adopt PKI"

Again, Safeloop is some kind of legless lizard lipid PKI-ish system,
but this dodo seems to think some particular hard-to-use app that
he's stumbled over *is* "PKI".

A sidebox references Whitten & Tygar's "Why Johnny Can't Encrypt"
study wherein most UCB students couldn't learn PGP 5.0 cold in 90 minutes.

-------------

Random thought on audience to educate. You might consider making a
home-study 'module' (containing tests, worked examples,
screencapture-movies of operations being done, test messages and keyrings
so they can try it alone) suitable for interested kids. With well defined
goals and test points.  Don't assume people have the problem-solving or
scientific skills of cp readers.  Infinitely more pedantic than the
self-study tutorials for tech adults that are more common. Keep the vocab
simple and the sentences short.

Include crypto software in the CDROM (heck, throw in a compiler or two),
package it in a brightly colored box, give it away at Toys R Us, give it to
the HeteroGodscouts to earn a computer literacy patch.  Crypto before
college.  After all, kids are amongst the most surveilled population.  They
also have time to learn new things, and parents would be happy to get good
lessons cheap.

Plus you get to whine "It's for the chiiiildren..."
