A big lesson from this post (at least for me) is how much user interface affects security. He references an older paper "Why Johnny Can't Encrypt" (http://www.gaudior.net/alma/johnny.pdf) where the negative impacts of the user interface in PGP 5.0 are analyzed. This is an old lesson which was not taken into account for the secured P25 handsets.
A similar analysis of the certs/SSL protection in browsers would be very interesting too.
A similar analysis of the certs/SSL protection in browsers would be very interesting too.