[cryptography] SSL is not "broken by design"

Ben Laurie ben at links.org
Tue Sep 20 05:27:54 EDT 2011


On Tue, Sep 20, 2011 at 8:48 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:

> Nico Williams <nico at cryptonector.com> writes:
>
> >For a desktop I'd say: [...]
> >
> >For smartphones and tablets I'd say: [...]
>
> You can't do UI design like this, because chances are it's not going to
> work. By this I mean that we have 10-15 years of statistics showing that
> this approach doesn't work, so when I say "chances are" I mean "existing
> statistics say ...". You need to look back at the 15 years of statistics
> and research and see what goes wrong, and in what way, and then build
> something based on that. I give one example in the talk that I've
> referenced several times now, which is based on a great many user studies
> on what does and doesn't work. We can (probably) do effective UI for this
> by turning the attackers' tactics against them, but you need to understand
> the environment in which you're operating rather than simply proposing a
> solution.
>

Well, don't tease. How?