does this extend to ssh keys?
-
Effectively yes. My current day job entirely abstracts that detail away from me. After a career doing my own key management, this feels objectively correct.
-
I agree that end users should not be expected to understand how crypto *works*; but I think they should still be expected to have some understanding of its limitations.
-
I see this as being like cars: You don't have to be a mechanic, but you should have enough understanding of the limitations of cars to know e.g., that jumping out into traffic is a bad idea because cars can't stop that fast.
-
So you basically want them to trust magic to protect their money, privacy and secrets? If they do not understand it, it is for all practical purposes magic. Worse: Unlike a locked door, they have no way to know if it even works.
-
Even if you know how PK crypto works, you still won’t know if any given implementation is secure unless you’re doing it by hand, so the crux really is: Do you trust it. Whether you understand PKC or not may help with that, but trust is inherently human and not based in proof.
-
Agree about the end user, but I'd still want the code to be open source and audit friendly, so that cryptographers, computer scientists and other full time PKI experts can review it regularly.
-
“Just use PGP”, they’ve been saying for decades.
-
is "picoheresy" the new "unpopular opinion"?