[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Public key crypto

Date: Sat, 11 Jan 1997 12:02:07 -0800 (PST)
From: Michael Dillon <michael@memra.com>
Subject: Re: Public key crypto

On Fri, 10 Jan 1997 davidk@ISI.EDU wrote:

> May be we
> need to support even more then one mechanism to allow participation of
> all countries.

I think it's even more important to support all skill levels of user. 
Many people really do not understand authentication systems at all and
probably never will. But if you send them an email that says:

     The following changes have been requested for your
     domain name EXAMPLE.INET. If you agree to these changes
     then simply reply to this message. You don't have to
     type anything in your reply but you do have to return 
     the entire key section at the bottom of this message.
     If your email program does not automatically include
     the message in the reply, please cut and paste the 
     key section into your reply.

     Changes requested:
        .
        .
        .
     KEY SECTION:--------------------------------------
     KEY01yf8hv3esncrzs8pcwtyhomva.o8utb4egasm80sgm9e5t
     KEY02xefno8scsrtm/f9fs9mlsem9/sef9/m8se9/f5s/5se/5
     KEY03c89ctn9n9rtny8rtn8ort8nyortvn8vrt8s8d8o9da4s9
     KEY04d89n358o49490t980tr4apiosuopsafuighklgk/jdfdz
     END OF KEY SECTION:-------------------------------

In this example, the important lines are each tagged with "KEY" and
the line number. In addition the KEY lines are short so they will
not be word wrapped even with wierd reply quoting schemes. The actual
keys consist only of characters from the MIME base64 character set
so they won't get munged by wierd gateways. If the user accidentally
pastes the key multiple times the KEY line numbers enable extracting
the lines of the key in correct order. The tags are there to identify
the beginning of the key even if quoting characters are prepended.

Human factors are critically important here if we want to enable ordinary
users to authenticate their transactions. No scheme which requires the end
user to run a specific software package will work.

Michael Dillon                   -               Internet & ISP Consulting
Memra Software Inc.              -                  Fax: +1-604-546-3049
http://www.memra.com             -               E-mail: michael@memra.com

Follow-Ups:
- Re: Public key crypto
  - From: Jeff Williams <jwkckid1@ix.netcom.com>

References:
- Re: Public key crypto
  - From: davidk@ISI.EDU

Prev by Date: Use of Repository Data for Certain Purposes
Next by Date: Re: Public key crypto
Prev by thread: Re: Public key crypto
Next by thread: Re: Public key crypto
Index(es):
- Date
- Thread