Abstract | Outside of SSL, Notes/Domino, and federal PKIs, PK cryptography hasn't caught on. SSL is hugely successful in providing network protection. But its server authentication feature is currently useless in phishing attacks, and its client authentication is largely unused. A number of user studies indicate that while some subset of users know about and notice "the padlock", few know what it really is, and none use it to protect them from phishing. This panel posits that the points where the cryptographic system meets the user are where its success has been blocked (e.g. key mgmt, password for protecting keys, understanding risk, threat, and assurance). We explore that assumption, and the past, present, and future of usable cryptography. |
---|