> The pen and paper straw man doesn't answer my questions.
I quoted the part of your comment I replied to. That part was no question. It was the claim that cryptography should not be made simpler. I strongly disagree with that point.
That has nothing to do with the specific tool at hand. It is irrelevant how and whether it simplifies things, if you claim that the premise is wrong.
> I quoted the part of your comment I replied to. That part was no question.
You did, but the next sentence you conveniently left out however is a question: "Do you want users asking you to recover their private keys?"
Together in their context they make my point. The so called complexity is a result of the features. If you want simple E2EE chat-like encryption you can have that, but then you need to manage your users keys and so on. And that's a valid use, but is it for engineers? As soon as functionality other than simple E2EE enters the picture explaining the concepts becomes a necessity.
To put it another way, I don't think it can be simplified without sacrificing security (for the user and their data) or features. It is important to understand how it works, but not necessarily being able to explain the algorithms.
I quoted the part of your comment I replied to. That part was no question. It was the claim that cryptography should not be made simpler. I strongly disagree with that point.
That has nothing to do with the specific tool at hand. It is irrelevant how and whether it simplifies things, if you claim that the premise is wrong.