At Thu, 03 Jul 2014 12:50:50 +0200,
Daniel Krebs wrote:
> since I am currently discussing this with Matthias from the FSFE in
> the context of #EmailSelfDefense, a question: Which analogies do you
> use when you explain the principle of PGP/GPG to people?
> I mostly use the following version:
>
> There is a lock with two keyholes. Each key works in only one
> direction, that is, it either locks what is open or opens what is
> locked. This also lets you explain signing, which does not work with
> the "classic metaphor" (public key = lock, private key = key). So:
> Encrypting:
> Someone locks with my public key, I open with my secret one.
> Signing:
> I sign with my private key, someone else verifies with my public one.
>
> Suggestions, opinions?

You might want to take a look at this:

https://freedom-to-tinker.com/blog/randomwalker/why-king-george-iii-can-encrypt/

Email encryption, although cryptographically straightforward, appears too complicated for laypeople to understand. In our project, we aimed to understand why this problem has eluded researchers for well over a decade and expand the design space of possible solutions to this and similar challenges at the intersection of security and usability.

...

In PGP’s metaphors, each user possesses two items, a private key and a public key. Have you inferred how the protocol works yet? Unless you have previous exposure to cryptography, likely not. Why do I have two keys? What do these keys open? Aren’t all keys private?

When you want to send a message to someone, you encrypt it with his public key, which is known to everyone. The recipient can decrypt it with his private key, which only he possesses. But can’t anyone use the public key to decrypt the message again? Nope. A public key can only encrypt, not decrypt. Just trust us on that one.

You’re probably starting to understand why secure email is so hard to use. Bear with us for one paragraph longer.

...

We decided to test whether better metaphors might be able to close this gap between security and usability. Specifically, we wanted metaphors that represented the cryptographic actions a user performs to send secure email and were evocative enough that users could reason about the security properties of PGP without needing to read a lengthy, technical introduction. We settled on four objects: a key, lock, seal and imprint.

To send someone a message, secure it with that person’s lock. Only this recipient has the corresponding key, so only they can open it. To prove your identity, stamp the message with your seal. Since everyone knows what your seal’s imprint looks like, it’s easy to verify that the message came from you.

Neal

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users