Hacker News
Why Johnny Can't Encrypt (1999 USENIX paper) (usenix.org)
34 points by henning on May 30, 2010 | 13 comments


All the stuff about private and public keys was a bit of a haze to me until I invested a few hours in reading up on cryptography and specifically the Diffie-Hellman Key Exchange. I postulate that the problem here is (was?) one of terminology and/or education, rather than interface design.

Incidentally I thought the article was going to be about why amateurs can't/shouldn't write encryption algorithms (having inquired about this myself on Stack Overflow and been royally shouted down).


I agree with the terminology being a problem. Regarding private key public key encryption, I think the public key should be called the "lock" since people use it to lock data they want to send you, while the private key should be called the "key" because you use it to "unlock" (decrypt) the data.

But this messes up when you use the same terms for other uses of public/private keys such as authentication. Still, the terms could provide a better mental model for people new to it to understand.


That breaks down when you use your private key [aka the "key"] to encrypt/sign something when you send it out. It proves it came from you because your public key [aka the "lock"] can decrypt it.


I still remember that some years ago I did not know what exactly was a "secure channel" that some texts talked about when I was learning about PKIs. The terminology is really confusing if people do not get the concepts.


These days in the security field "user education" is viewed as an excuse by developers who abdicate responsibility. Phishing shows that users can't/won't be educated, so some other solution has to be found.


It's only been a few decades since users (outside of DARPA) were first required to understand anything about computer security. Cultures take time to change, though when they do, it can seem like a sudden burst. I think Western culture might be just about to start caring about computer privacy, due to the thorough percolation of media reports about it; computer security might have its day as well, soon enough. We all learned to brush our teeth, do our taxes and drive (through various mechanisms)—we'll eventually learn to sign/authenticate and encrypt/decrypt information as well, if it's that important.


This paper is very popular / influential in the area of usable security. It's interesting to note that though it's possible to securely exchange e-mail, most people don't. I took a course offered by Prof. Tygar (co-author of the paper) last year and we evaluated how easy it is to send encrypted mail using Thunderbird+Enigmail+GnuPG. While the usability of the software has improved in the 10 years since the paper was written, it is nowhere near the level required to make this a mainstream technology. Maybe it is inherent to the process itself. I don't see how you can simplify key exchange to make it very easy for the average user. I guess the price you pay for security is to go through the pain of figuring out how it works. Of course, most people will not / cannot do that even if it is in their best interest.

I'd love to hear the thoughts of the security gurus on HN about this...


I don't see how you can simplify key exchange to make it very easy for the average user.

Google/Microsoft/Yahoo posts a blog post containing the following: "PGP keys for all addresses can be found at https://keys.example.com/k/foo%27example.com . This is recorded in a TXT record in our DNS in the following easy to understand format.

We invite other mail providers to adopt this standard. We will periodically check your DNS records prior to sending mail and, if set up properly, transparently encrypt all mail sent to you."

Essentially, solve key exchange like HTTPS solves key exchange: the user never has to worry about it.


thejo, good to see you here : ). Yes, I was in Tygar's class with you. Good times. -nat


[summary] Usability study of PGP 5.0. Out of 12 people who didn't know about private/public key systems initially, but were experienced with email:

Roughly between 1/4 and 1/2 of them (worse in a couple cases) succeeded at a given task (send a key, encrypt an email, etc). Others failed completely, or took a long time to achieve it (~30 minutes in several tasks for a couple people), and some couldn't manage the essentials - even with feedback - by the end of the 90 minute trial.

Reasons given for the failures were primarily focused around workflow / UI design.

---

Strikes me as accurate, probably better than many alternatives at the time, which is somewhat frightening. And, given my experiences getting signing / encrypting working in Mail.app, it's hardly improved in the past decade. Thunderbird makes it simpler, but not by much, and I don't recall being able to use multiple keys easily.


I recommend building GPG into Firefox along with FireGPG, and suddenly it gets a hell of a lot easier.

I know most people would be looking at the Thunderbird-Enigmail-GPG route, but I've found Firefox - FireGPG - GPG to be easier to use, install and more useful. Actually the most difficult part with that setup is getting GPG to play with FireGPG, include GPG with Firefox and suddenly public key encryption is easy and available to the masses.


You still have to understand PGP conceptually, though, which is a huge leap for the average person. FireGPG + GMail is indeed nice, though, although it seems to be broken half the time.


At least he learned how to surf.



