On Wed, Aug 29, 2012 at 12:00:22AM -0400, Landon Hurley wrote:
[snip]
> The barrier is solely cultural, not technical. Enigmail, Thunderbird and
> gpg4win are trivial to set up. The first time I did it, it was on the
> phone, talking someone through it. So we either need to invent some sort
> of massive threat perception to unite everyone to adopt PKI, or just
> continue to push it as a grass roots movement. Or if some kind person
> would like to introduce a viable third option, I think a decent portion
> of humanity would owe him/her a debt. On the other hand, I'm advocating
> a rather heavy handed, Platonian, do it for people's own good even if
> they don't like it/decide they need it, so I'm sure at least some, or
> even most, will disagree as well. I will add my confession to the pile
> of selfish reasons to want to have PKI become widespread.

I'm not sure that the average person's current mode of living really exposes him to a threat big enough to take seriously. Rather than a threat of actual loss, I feel that we face an opportunity cost: there are things we could do differently, arguably better, if we could do them securely via electronic media.

We simply wouldn't think of discussing possibly embarrassing personal matters with our doctors by email, even if the doctors would agree to, so we don't ask. We still carry around hand-scrawled prescriptions, or cross our fingers and hope that the doctor's FAX calls to the pharmacy are really secure, when we could (given the infrastructure) get a (long!) number that can be verified as coming from the doctor, verified to still say what he said, and unlocked only with our personal smart card and PIN. (Also it would have to be typewritten, so it wouldn't be so hard to interpret. :-)

We could do e-commerce without worrying about our trading partners' losing a truckload of backup tapes or being massively compromised from afar, because we would never give them any secrets worth stealing. We could manage a handful of certificate passwords instead of a thousand website passwords. We could probably do a lot of other stuff that I haven't thought of because, in our present nearly-naked condition, it's unthinkable.

Individuals wouldn't be the only beneficiaries. The first bank in town to offer free or discounted certificates *and* more-secure e-banking would have a competitive advantage. The first e-tailer to offer security the others can't touch should win the business of consumers who are worried by all the "'hackers' capture 200,000 passwords" stories in the papers. The doctor or lawyer who adopts a pervasive records security plan (of which customer communications would be but a part) should be able to negotiate lower insurance premiums. It seems to me that people are leaving money on the table all over.

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users