Excuse the cross-post, but this message seems relevant to these lists
as well as TLS.
Russ
= = = = = = = = = =
Date: Sat, 28 Jul 2007 04:17:33 +1200
From: pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz
To: martin(_dot_)rex(_at_)sap(_dot_)com
Subject: Re: [TLS] the use cases for GSS-based TLS and the plea for
Cc: tls(_at_)ietf(_dot_)org
Martin Rex <Martin(_dot_)Rex(_at_)sap(_dot_)com> writes:
I spent an hour until I gave up. All implementations of S/Mime-capable
MUAs are so horribly broken that even someone with a technical
understanding runs into brick walls everywhere.
It's not just S/MIME clients. The PARC study found that people with *PhDs in
computer science* took, on average, over two hours to set up a cert for their
own use (using paint-by-numbers screenshots as instructions), rated it as the
hardest computer task they'd ever been asked to perform, and had no idea what
they'd done to their computer when they were finished.
PKI people who reviewed the paper were shocked at this, since they assumed
that anyone could do it in a few minutes.
(There's lots more like this in the two refs I gave. HCISec is a real eye-
opener on the real-world effectiveness of security technology :-).
Peter.
_______________________________________________
TLS mailing list
TLS(_at_)lists(_dot_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/tls