PGP signatures.

Patrick O'Callaghan pocallaghan at gmail.com
Sat May 31 18:52:09 UTC 2008


On Sat, 2008-05-31 at 10:59 -0700, Les wrote:
> The truly hard part of any secure system is the user understanding of
> how security applies to the actual information and the keys.  And that
> is the most difficult part of all, but I wouldn't call it confusing,
> just really detail oriented.

The encryption as such is not hard to understand (given that the user
doesn't actually need to understand it in order to use it). The problem
is key management, as pointed out by the Stanford paper. Virtually no
significant security breaches (that we know of) are caused by someone
breaking the encryption. They always turn out to be problems of key
generation and/or key management. Call it "confusing" or call it
"detail-oriented", it amounts to the same thing: for the vast majority of
users it's outside their area of expertise and they find it hard to deal
with.

poc



