On Thu, Jul 03, 2014 at 01:46:33PM +0200, Neal H. Walfield wrote:
> At Thu, 03 Jul 2014 12:50:50 +0200,
> Daniel Krebs wrote:
> > Since I am currently discussing this with Matthias from the FSFE as part of
> > #EmailSelfDefense, a quick question: which analogies do you use when you
> > explain the principle of PGP/GPG to people?
> > I usually use the following version:
> >
> > There is a lock with two keyholes. Each key only works in one direction,
> > i.e. it either locks what is open or opens what is locked. That also lets
> > you explain signing, which does not work with the "classic metaphor"
> > (public key = lock, private key = key). So:
> > Encrypting:
> > Someone locks with my public key, I open with my secret one.
> > Signing:
> > I sign with my private key, someone else verifies with my public one.
> >
> > Suggestions, opinions?
>
> You might want to take a look at this:
>
>   https://freedom-to-tinker.com/blog/randomwalker/why-king-george-iii-can-encrypt/
>
>   Email encryption, although cryptographically straightforward,
>   appears too complicated for laypeople to understand. In our
>   project, we aimed to understand why this problem has eluded
>   researchers for well over a decade and expand the design space of
>   possible solutions to this and similar challenges at the
>   intersection of security and usability.
>
>   ...
>
>   In PGP's metaphors, each user possesses two items, a private key and a
>   public key. Have you inferred how the protocol works yet? Unless
>   you have previous exposure to cryptography, likely not. Why do I
>   have two keys? What do these keys open? Aren't all keys private?
>   When you want to send a message to someone, you encrypt it with his
>   public key, which is known to everyone. The recipient can decrypt
>   it with his private key, which only he possesses. But can't anyone
>   use the public key to decrypt the message again? Nope. A public
>   key can only encrypt, not decrypt. Just trust us on that one.

Not so; this analogy might seem useful for explaining message encryption, but
will lead to more confusion when attempting to understand/explain signing,
where indeed the public key is used to decrypt a digest encrypted by a public
key.

Fraser

>   You're probably starting to understand why secure email is so hard
>   to use. Bear with us for one paragraph longer.
>
>   ...
>
>   We decided to test whether better metaphors might be able to close
>   this gap between security and usability. Specifically, we wanted
>   metaphors that represented the cryptographic actions a user performs
>   to send secure email and were evocative enough that users could
>   reason about the security properties of PGP without needing to read
>   a lengthy, technical introduction. We settled on four objects: a
>   key, lock, seal and imprint. To send someone a message, secure it
>   with that person's lock. Only this recipient has the corresponding
>   key, so only they can open it. To prove your identity, stamp the
>   message with your seal. Since everyone knows what your seal's
>   imprint looks like, it's easy to verify that the message came from you.
>
>
> Neal
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
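Both halves of Daniel's analogy, locking with the public key and sealing with the private one, carried through in textbook RSA as an added example (not code from any of the posts). The primes, exponent and messages are constructed; the `verify` step is where the public exponent recovers the signed digest that Fraser's reply refers to.

```python
import hashlib

# Toy RSA with tiny primes and no padding, purely to make the thread's two
# operations visible. Example added here, not code from any of the posts.

def make_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)) for primes p, q; d is the private exponent."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, needs Python 3.8+
    return (n, e), (n, d)

def encrypt(public, m):
    """Anyone can 'lock' with the recipient's public key."""
    n, e = public
    return pow(m, e, n)

def decrypt(private, c):
    """Only the holder of the private exponent can 'unlock'."""
    n, d = private
    return pow(c, d, n)

def digest(msg, n):
    """SHA-256 of the message reduced below n (toy; real schemes pad instead)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(private, msg):
    """The 'seal': the digest is transformed with the private exponent."""
    n, d = private
    return pow(digest(msg, n), d, n)

def verify(public, msg, sig):
    """Checking the 'imprint': the public exponent recovers the sealed digest
    and it is compared with a fresh digest of the received message."""
    n, e = public
    return pow(sig, e, n) == digest(msg, n)

def demo():
    """Run both operations on one key pair; returns the three checks."""
    public, private = make_keypair(1000003, 1000033)  # constructed small primes
    c = encrypt(public, 424242)
    roundtrip = decrypt(private, c) == 424242
    # Applying the public exponent to a ciphertext does not give the plaintext back.
    public_cannot_decrypt = pow(c, public[1], public[0]) != 424242
    sig = sign(private, b"Hello Daniel")
    seal_ok = verify(public, b"Hello Daniel", sig) and not verify(public, b"Hello Danielle", sig)
    return roundtrip, public_cannot_decrypt, seal_ok
```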