Posted Jun 23, 2011 9:29 UTC (Thu) by ortalo (subscriber, #4654)
Parent article: On keys and users
Two thoughts I'd like to share for further discussion if anyone is interested:
- occasionnally and probably provocatively, I come to say that cryptography cannot be used to solve any security problem, but that it can be used to *move* it (from the protection of the data to the protection of the key(s)). These are still impressive achievements by the way; but using cryptography does not mean we do not have to address all other security issues correctly (integrity checks, access checks, authentication, authorization, revocation, monitoring, etc.).
- "For many, the additional hassles required to securely communicate may not be overcome by the concern that their communications may be intercepted." Computers offer us astounding new opportunities with respect to information security, not limited to ciphering. In the civil domain, these opportunities are probably even more astounding for integrity (signature, authentication, etc.) than for confidentiality issues. Why not try to go after original features to motivate most users to overcome the hassles? (For example, the Internet explosion of the 2000s boom was targeted at e-commerce; what about offering novel features surrounding money issues like peer-to-peer contracting? $$ tend to motivate many...)