Re: [TLS] the use cases for GSS-based TLS and the plea for

pgut001@cs.auckland.ac.nz Fri, 27 July 2007 16:17 UTC

Message-ID: <20070728041733.78oat8pscbk08ggo@webmail.cs.auckland.ac.nz>
Date: Sat, 28 Jul 2007 04:17:33 +1200
From: pgut001@cs.auckland.ac.nz
To: martin.rex@sap.com
Subject: Re: [TLS] the use cases for GSS-based TLS and the plea for
References: <200707271551.l6RFpb7W021006@fs4113.wdf.sap.corp>
In-Reply-To: <200707271551.l6RFpb7W021006@fs4113.wdf.sap.corp>
Cc: tls@ietf.org

Martin Rex <Martin.Rex@sap.com> writes:
> I spent an hour until I gave up.  All implementations of S/Mime-capable
> MUAs are so horribly broken that even someone with a technical
> understanding runs into brick walls everywhere.

It's not just S/MIME clients.  The PARC study found that people with *PhDs in
computer science* took, on average, over two hours to set up a cert for their
own use (using paint-by-numbers screenshots as instructions), rated it as the
hardest computer task they'd ever been asked to perform, and had no idea what
they'd done to their computer when they were finished.

PKI people who reviewed the paper were shocked at this, since they assumed
that anyone could do it in a few minutes.

(There's lots more like this in the two refs I gave.  HCISec is a real eye-
opener on the real-world effectiveness of security technology :-).

Peter.

