My previous comment about SSH was a bit inaccurate. - SSH - ask-on-first-use, "allow" implies "key was verified" (1) - warn if the key later changes - because of assumption (1), no way to allow-and-verify-later (but in practise, I guess other people do this) - TextSecure - auto-allow-on-first-use - warn if the key later changes - can verify-later, but this is not stored, so (unless you have a good memory) you don't know which keys were already verified - no concept or UI indication, on which keys were verified - ChatSecure - auto-allow-on-first-use - warn if the key later changes (I've never actually seen this, but I assume it does that) - for unverified keys, it shows the convo as orange - can verify-later, then it turns the convo green and remembers this state
I prefer the ChatSecure model, but the reason why TextSecure doesn't do it is because (they argue) the orange/green distinction is confusing. But then, perhaps we can have a different "advanced" screen where this distinction is made? X On 06/03/14 17:18, Ximin Luo wrote: > (Recent versions of) TextSecure differ from many other products, in that > there is no way to *remember* which contacts you have verified. Moxie thinks > this is a usability improvement, but I think it's a security hole. > > I don't know of any product that does this. Even SSH remembers which > non-verified keys you have implicitly allowed. > > I'm not saying it will completely invalidate a study, but it will definitely > affect things from a user's POV. So, keep it in mind when doing a usability > study using TextSecure. > > X > > On 06/03/14 16:27, Christine Corbett Moran wrote: >> The good news is that you don't need a partnership with an academic versed >> in experiment and data analysis to run one of these. >> >> The bad news is that it may not generalize between clients. >> >> But if anyone wants a candidate client to do a sort of study like that I >> suggest TextSecure =) >> >> C >> >> >> On Thu, Mar 6, 2014 at 5:13 PM, Tony Arcieri <[email protected] >> <mailto:[email protected]>> wrote: >> >> On Thu, Mar 6, 2014 at 4:49 AM, Christine Corbett Moran >> <[email protected] <mailto:[email protected]>> wrote: >> >> What we'd need to get started is a list of methods we'd want to >> test, and some comparisons based on those methods to incorporate in the >> experiment. >> >> >> I'd like to see more studies like the Cryptocat one: >> >> https://blog.crypto.cat/2014/01/cryptocat-at-the-openitp-dc-hackathon/ >> >> The area of the most confusion — to the point where it made the users >> feel threatened or panicked — was the user information screens (either for a >> specific buddy or the user themselves). *Though “fingerprint” is widely >> known by cryptography and security experts, it is, at the end of the day, >> jargon*. There were several participants who immediately associated >> “fingerprint” with a negative connotation (i.e., leaving a fingerprint at a >> crime scene). Their tone was panicked in asking their questions on this >> issue, and were unsure of why that information needed to be displayed, and >> if it was even safe to display. There were a handful of users who understood >> encryption technology at a very basic level who were not confused by the >> terminology on this page, but were unsure of what to do with this >> information. >> >> -- >> Tony Arcieri >> >> > > > > _______________________________________________ > Messaging mailing list > [email protected] > https://moderncrypto.org/mailman/listinfo/messaging > -- GPG: 4096R/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
