Hi, I am working on an idea for a cryptoparty for non-technical people, called ”Humane Cryptoparty”.
This idea has come out of my HCI dissertation last year on non-technical user mental models and OTR. One finding was users had good theoritical mental models of OTR, but bad functional, or vice-versa. This lead them to make mistakes. The objective of the human cryptoparty is to see the affect understanding the concepts of OTR has on user behaviour and their usage of OTR. In short, the idea I have is to explain various important concepts with non-technical analogies. This is not easy to do correctly, I know. I have be working on some analogies for OTR. I’d like to get your advice on how valid this is. The objective is not to be as non-technical as possible, while explaining the concepts involved. The analogy uses: - envelopes (encryption) - unique adhesives (public keys) - unique ”glitter” patterns (perfect forward secrecy) - solvents (private keys) ** Alice wants to send a message to Bob ** — OTR — INSECURE: 1. She writes the message on a postcard (cleartext) and sends it to Bob via a central post office (chat server). 2. Mallory intercepts it, and does a MiTM. 3. Alice and Bob never know. — OTR — 1. Alice has a unique glue (her public key) which she uses for sticking her letters closed. 2. Bob has the same (his public key). — OTR — WITH JUST ENCRYPTION 3. She writes the message on a postcard (plaintext), and puts it in an envelope addressed to Bob. 4. She spreads some of her glue (her public key), and some of Bob’s glue (his public key) on the envelope, closes it. (message is now encrypted with both public keys) [NB: There is no mention of Alice’s private key here. Is this an issue?] 5. She sends it to Bob via a central post office. (Chat server) 6. Bob receives it. 7. He uses his special solvent (his private key) to dissolve his glue, leaving Alice’s glue intact. 8. Bob can then open the envelope (since it has just Alice public key), knowing that no-one has been able to tamper with the message. — OTR — WITH ENCRYPTION AND VERIFICATION (continuation on from step 2. above) 3. Alice writes the message on a postcard, and puts it in an envelope addressed to Bob. 4. She spreads some of her glue, and some of Bob’s glue on the envelope, closes it. 5. She now sprinkles glitter on the glue. This pattern is unique. 6. This is where it breaks down for me. I was thinking of using this step 3 as an analogy for FPS - no two patterns can be the same, so there is no way to link previous messages back to Alice…? From then on, it is, the same as for above. 7. She sends it to Bob via a central post office. 8. Bob receives it. 9. He uses his special solvent to dissolve his glue, leaving Alice’s glue intact. 10. Bob can then open the envelope, knowing that no-one has been able to tamper with the message. ======== From step 7 in "— OTR — WITH ENCRYPTION AND VERIFICATION” only Bob can remove his glue (public key) with his solvent (private key). At which point the envelope is just signed with Alice’s key (glue). What do you think? I am not sure this gets across the OTR concepts in the right order. I have had some good feedback on using the analogy of envelopes, and adhesives. If it stands up, I’d like to continue with this analogy. I would appreciate any constructive advice and criticism of the analogy. Or input you could give. The intention is to do the first version of this at Mozfest and then ask participants to be involved for a follow-up study of their usage. Thanks in advance, Bernard
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ OTR-users mailing list OTR-users@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-users
