On Thu, Jul 03, 2014 at 10:56:30PM +1000, Fraser Tweedale wrote:
> On Thu, Jul 03, 2014 at 01:46:33PM +0200, Neal H. Walfield wrote:
> > At Thu, 03 Jul 2014 12:50:50 +0200,
> > Daniel Krebs wrote:
> > > since I am currently discussing this with Matthias from the FSFE as
> > > part of #EmailSelfDefense, a question: which analogies do you use
> > > when you explain the principle of PGP/GPG to people?
> > > I mostly use the following version:
> > >
> > > There is a lock with two keyholes. Each key works in only one
> > > direction, that is, it either locks what is open or opens what is
> > > locked. This also lets you explain signing, which does not work with
> > > the "classic metaphor" (public key = lock, private key = key). So:
> > > Encrypting:
> > > Someone locks with my public key, I open with my secret one.
> > > Signing:
> > > I sign with my private key, someone else verifies with my public one.
> > >
> > > Suggestions, opinions?
> >
> > You might want to take a look at this:
> >
> > https://freedom-to-tinker.com/blog/randomwalker/why-king-george-iii-can-encrypt/
> >
> > Email encryption, although cryptographically straightforward,
> > appears too complicated for laypeople to understand. In our
> > project, we aimed to understand why this problem has eluded
> > researchers for well over a decade and expand the design space of
> > possible solutions to this and similar challenges at the
> > intersection of security and usability.
> >
> > ...
> >
> > In PGP’s metaphors, each user possesses two items, a private key and a
> > public key. Have you inferred how the protocol works yet? Unless
> > you have previous exposure to cryptography, likely not. Why do I
> > have two keys? What do these keys open? Aren’t all keys private?
> > When you want to send a message to someone, you encrypt it with his
> > public key, which is known to everyone. The recipient can decrypt
> > it with his private key, which only he possesses. But can’t anyone
> > use the public key to decrypt the message again? Nope. A public
> > key can only encrypt, not decrypt. Just trust us on that one.
> >
> Not so; this analogy might seem useful for explaining message
> encryption, but will lead to more confusion when attempting to
> understand/explain signing - where indeed the public key is used to
> decrypt a digest encrypted by a public key.
>

Whups. The digest is encrypted by the *private* key, of course :)

> Fraser
>
> >
> > You’re probably starting to understand why secure email is so hard
> > to use. Bear with us for one paragraph longer.
> >
> > ...
> >
> > We decided to test whether better metaphors might be able to close
> > this gap between security and usability. Specifically, we wanted
> > metaphors that represented the cryptographic actions a user performs
> > to send secure email and were evocative enough that users could
> > reason about the security properties of PGP without needing to read
> > a lengthy, technical introduction. We settled on four objects: a
> > key, lock, seal and imprint. To send someone a message, secure it
> > with that person’s lock. Only this recipient has the corresponding
> > key, so only they can open it. To prove your identity, stamp the
> > message with your seal. Since everyone knows what your seal’s
> > imprint looks like, it’s easy to verify that the message came from you.
> >
> >
> > Neal
> >
> > _______________________________________________
> > Gnupg-users mailing list
> > Gnupg-users@gnupg.org
> > http://lists.gnupg.org/mailman/listinfo/gnupg-users
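
The two key directions discussed in this thread, as an added example that is not part of the original messages: textbook RSA in Python with a constructed toy key pair (p = 61, q = 53, e = 17); all function names are chosen for illustration. Describing a signature as the digest "encrypted" with the private key fits this unpadded RSA model only; OpenPGP RSA signatures add padding, and DSA or EdDSA signatures are not an encryption operation at all.

```python
import hashlib

# Constructed toy key pair (textbook RSA, far too small for real use).
P, Q = 61, 53
N = P * Q                           # modulus, part of both keys
E = 17                              # public exponent: the "lock" / seal imprint
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent: the "key" / seal


def encrypt(m: int) -> int:
    """Anyone can do this: it needs only the public key (E, N)."""
    return pow(m, E, N)


def decrypt(c: int) -> int:
    """Only the holder of the private exponent D can undo encrypt()."""
    return pow(c, D, N)


def digest(message: bytes) -> int:
    """SHA-256 of the message, reduced mod N so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Private-key operation on the digest, not on the message itself."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Public-key operation recovers the digest; compare with our own."""
    return pow(signature, E, N) == digest(message)


if __name__ == "__main__":
    c = encrypt(65)
    print("ciphertext:", c, "-> private key recovers:", decrypt(c))
    print("public key applied again:", pow(c, E, N), "(not the plaintext)")
    msg = b"constructed sample message"
    sig = sign(msg)
    print("signature verifies:", verify(msg, sig))
    print("altered signature verifies:", verify(msg, (sig + 1) % N))
```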