Re: [TLS] the use cases for GSS-based TLS and the plea for

To: martin.rex at sap.com
Subject: Re: [TLS] the use cases for GSS-based TLS and the plea for
From: pgut001 at cs.auckland.ac.nz
Date: Sat, 28 Jul 2007 04:17:33 +1200
Cc: tls at ietf.org
In-reply-to: <200707271551.l6RFpb7W021006@fs4113.wdf.sap.corp>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <200707271551.l6RFpb7W021006@fs4113.wdf.sap.corp>
User-agent: Internet Messaging Program (IMP) H3 (4.0.1)

Martin Rex <Martin.Rex at sap.com> writes:

I spent an hour until I gave up.  All implementations of S/Mime-capable
MUAs are so horribly broken that even someone with a technical
understanding runs into brick walls everywhere.


It's not just S/MIME clients.  The PARC study found that people with *PhDs in
computer science* took, on average, over two hours to set up a cert for their
own use (using paint-by-numbers screenshots as instructions), rated it as the
hardest computer task they'd ever been asked to perform, and had no idea what
they'd done to their computer when they were finished.

PKI people who reviewed the paper were shocked at this, since they assumed
that anyone could do it in a few minutes.

(There's lots more like this in the two refs I gave.  HCISec is a real eye-
opener on the real-world effectiveness of security technology :-).

Peter.


_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

References:
- Re: [TLS] the use cases for GSS-based TLS and the plea for
  - From: Martin Rex

Prev by Date: Re: [TLS] the use cases for GSS-based TLS and the plea for integrating
Next by Date: Re: [TLS] the use cases for GSS-based TLS and the plea for integrating
Previous by thread: Re: [TLS] the use cases for GSS-based TLS and the plea for
Next by thread: Re: [TLS] the use cases for GSS-based TLS and the plea for integrating
Index(es):
- Date
- Thread

Re: [TLS] the use cases for GSS-based TLS and the plea for

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.