Re: Recommendations for handling (multiple) user IDs - personal and company ones

2013-06-10 Thread Robert J. Hansen
On 6/10/2013 8:15 PM, reynt0 wrote: > As pointed out at the start of a gestural interface programming book > I have, Apple iOS made it possible to use a fancy computer by using > no more than the skills of a chimpanzee. Interesting you should say that. Apple's Certificate Manager application (on

Re: Recommendations for handling (multiple) user IDs - personal and company ones

2013-06-10 Thread reynt0
On Sun, 9 Jun 2013, Robert J. Hansen wrote: . . . That's why I'm so skeptical of all claims that if we just fix the UI we'll solve the adoption problem. The problem isn't UI. . . . As pointed out at the start of a gestural interface programming book I have, Apple iOS made it possible to use

Re: Recommendations for handling (multiple) user IDs - personal and company ones

2013-06-10 Thread Mark H. Wood
On Sun, Jun 09, 2013 at 11:52:32PM -0400, Robert J. Hansen wrote: > On 6/9/2013 11:14 PM, Hauke Laging wrote: [snip] > > The reason that most people do not use crypto is the most trivial > > one: They don't think they need it. > > This is not supported by the studies. Many people who do not use c

Re: Recommendations for handling (multiple) user IDs - personal and company ones

2013-06-09 Thread Henry Hertz Hobbit
On 06/10/2013 03:14 AM, Hauke Laging wrote: What a mouthful. I shortened it to those things most relevant to me. My keys are NOT part of the WoT due mostly to nobody around my home having OpenPGP keys. I would say that I have a higher opinion than you do of the WoT when contrasted with one SSL

Re: Recommendations for handling (multiple) user IDs - personal and company ones

2013-06-09 Thread Robert J. Hansen
On 6/9/2013 11:14 PM, Hauke Laging wrote: > The reason hardly anybody uses crypto is not that its usage was > complicated (I know, in a minute Rob will post his usability study > link and ask for my sources...). Yes, I will repeat my mantra: unless you're looking at peer-reviewed usability studies

Re: Recommendations for handling (multiple) user IDs - personal and company ones

2013-06-09 Thread Hauke Laging
On Sat 08.06.2013, 16:16:18, Daniel Kahn Gillmor wrote: > People simply won't use tools that they aren't comfortable with. This is much more about understanding the connections and seeing what's necessary to achieve a certain goal. And understanding which is the right goal in every single case.

Re: Recommendations for handling (multiple) user IDs - personal and company ones

2013-06-08 Thread Robert J. Hansen
On 06/08/2013 01:03 PM, Daniel Kahn Gillmor wrote: > fwiw, some people might not be comfortable certifying a User ID > ("signing a key") with such a comment, since it is not actually a > part of the user's identity. How is an OpenPGP certifier supposed > to validate the correctness of this commen

Re: Recommendations for handling (multiple) user IDs - personal and company ones

2013-06-08 Thread Daniel Kahn Gillmor
On 06/08/2013 03:21 PM, Hauke Laging wrote: > Crypto is NOT about comfort but about security. The point is: Does a > certification make sense? Most certifications I see do not. People simply won't use tools that they aren't comfortable with. This is a delicate tradeoff, but if you're willing to

Re: Recommendations for handling (multiple) user IDs - personal and company ones

2013-06-08 Thread Hauke Laging
On Sat 08.06.2013, 13:03:06, Daniel Kahn Gillmor wrote: > fwiw, some people might not be comfortable certifying a User ID > ("signing a key") with such a comment, Crypto is NOT about comfort but about security. The point is: Does a certification make sense? Most certifications I see do not. The

Re: Recommendations for handling (multiple) user IDs - personal and company ones

2013-06-08 Thread Daniel Kahn Gillmor
On 06/07/2013 06:54 PM, Hauke Laging wrote: > In addition to what Doug has said: I recommend to have one UID without email > address. Just your name and a comment (like "everyday key on smartcard with > offline main key; see policy URL". fwiw, some people might not be comfortable certifying a U

Re: Recommendations for handling (multiple) user IDs - personal and company ones

2013-06-08 Thread Branko Majic
On Fri, 07 Jun 2013 13:22:04 -0700 Doug Barton wrote: > I'm not sure where you're getting this "15 years" number. Up until now I've usually gone with short-lived (1-2 years) keys. After each period I'd simply replace them with completely new ones. Since this can be a bit cumbersome, I wanted to

Re: Recommendations for handling (multiple) user IDs - personal and company ones

2013-06-08 Thread Branko Majic
On Sat, 08 Jun 2013 00:54:40 +0200 Hauke Laging wrote: > > With my OpenPGP smart-card set-up almost done (master key on one card, > > With backup? If not: Are you sure this card is going to survive for 15 years? Of course. I've actually initialised everything in the offline mode, including b

Re: Recommendations for handling (multiple) user IDs - personal and company ones

2013-06-07 Thread Doug Barton
On 06/07/2013 03:49 PM, Hauke Laging wrote: | On Fri 07.06.2013, 13:22:04, Doug Barton wrote: | |> Personally I have used this strategy and it |> has worked well for me. | |> OTOH, others on this list, and many keys that I have signed over the |> ye

Re: Recommendations for handling (multiple) user IDs - personal and company ones

2013-06-07 Thread Hauke Laging
On Fri 07.06.2013, 22:09:01, Branko Majic wrote: > With my OpenPGP smart-card set-up almost done (master key on one card, With backup? If not: Are you sure this card is going to survive for 15 years? > What are the general recommendations on what to use the user ID for > (i.e. which e-mail addr

Re: Recommendations for handling (multiple) user IDs - personal and company ones

2013-06-07 Thread Hauke Laging
On Fri 07.06.2013, 13:22:04, Doug Barton wrote: > Personally I have used this strategy and it > has worked well for me. > OTOH, others on this list, and many keys that I have signed over the > years, have combined various roles (i.e., personal and work e-mail > addresses) on the same key, so that

Re: Recommendations for handling (multiple) user IDs - personal and company ones

2013-06-07 Thread Doug Barton
I'm not sure where you're getting this "15 years" number. In any case, the conventional wisdom is that for completely distinct roles (such as personal vs. work) separate keys are the way to go. That way when you no longer have the work role the