If you gave that explanation to my wife... :) Her eyes would glaze over before you finished the first paragraph. Not that I disagree with you; it is actually a very sane, less complex explanation.
My point is that the average Joe user equates SSL with "web security", for example. Whether this notion is right or wrong doesn't matter; it's what he/she believes. They don't understand SSL any better than PGP/GPG etc., yet they "believe" in it. Somehow the message of "secure communications" needs to be at the same level of simplicity and pervasiveness.

-----Original Message-----
From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Mark H. Wood
Sent: Thursday, April 10, 2014 10:50 AM
To: gnupg-users@gnupg.org
Subject: Re: It's 2014. Are we there yet?

On Wed, Apr 09, 2014 at 12:39:44PM -0400, Kapil Aggarwal wrote:
> Let's list a few arguments:
[snip]
> - WTF is a key pair/public key/private key/<insert more arcane
> terminology>. - J This IS a big problem. I may get it, you may get it,
> how does the average Joe user gain that understanding? The nomenclature
> needs to be, well, something that the average Joe user can understand
> as well. They understood SSL (well, for the most part).

I think this one is easy. The key pair is a mathematical analog of the old spy trick (I'm sure it's in the movies somewhere) of tearing a playing card in two, giving one piece to each of two people who do not know each other but must be able to recognize one another. No two cards tear *exactly* the same way. And the math does this *much* better.

I thought that the tradition of the mizpah coin would serve as well, but I haven't found a good explanation, just advertising and Biblical backgrounders. As I recall, someone thought to break a soft metal coin in two, so that the jagged edges would symbolize a unique relationship, and somehow related it back to the story of the cairn of stones that symbolized an agreement with God as witness. Nowadays they mint the things in two pieces, very stylized, and you buy them already separated. So maybe this is not so useful here.

Anyway, the point is the same: a random process produces a unique boundary between two complementary pieces, which the holders can use to identify each other. A computer does it with mathematics that you don't have to fully understand, so long as you trust someone who does. If you need to see it in the physical world, just tear a piece of paper, or break a cookie in two, and contemplate the result.

There are other things you can do with the jagged edges (so to speak) of these keys, to scramble and unscramble a message, because the two pieces are related, in a way too complex to easily guess if you don't have one of them. Go ahead: pick up a pencil and paper, and try to predict the EXACT shape of the torn edges of a card without seeing it.

One thing you must understand is that the keys are related *mathematically*, not physically. *Unlike* the card, knowing one shape does not automatically give you the other. This is useful: it means that you have a secret which you don't have to share to prove that you know it. After that, it's all just multiplying impossibly huge numbers.

That's dumbed down considerably, but I think it gets the basic idea across simply.

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
Machines should not be friendly.  Machines should be obedient.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users