[cryptography] SSL is not "broken by design"
ben at links.org
Tue Sep 20 05:27:54 EDT 2011
On Tue, Sep 20, 2011 at 8:48 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz>wrote:
> Nico Williams <nico at cryptonector.com> writes:
> >For a desktop I'd say: [...]
> >For smartphones and tablets I'd say: [...]
> You can't do UI design like this, because chances are it's not going to
> By this I mean that we have 10-15 years of statistics showing that this
> approach doesn't work, so when I say "chances are" I mean "existing
> say ...". You need to look back at the 15 years of statistics and research
> and see what goes wrong, and in what way, and then build something based on
> that. I give one example in the talk that I've referenced several times
> which is based on a great many user studies on what does and doesn't work.
> can (probably) do effective UI for this by turning the attackers' tactics
> against them, but you need to understand the environment in which you're
> operating rather than simply proposing a solution.
Well, don't tease. How?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography