[OTR-users] Opinions on proposed "unknown fingerprint" behaviour?
Paul Wouters
paul at cypherpunks.ca
Thu Jun 2 18:15:18 EDT 2005
On Thu, 2 Jun 2005, Ian Goldberg wrote:
>> I think AdiumX did a good job with the open and closed lock.
>> So if shapes are an option how about :
>>
>> 1. Open lock
>> 2. Closed lock
>> 3. Closed lock with this check of a checkbox superimposed.
>
> Locks to me suggest "secure", whereas OTR provides "private", which is a
> somewhat stronger notion. (With the pfs, deniability, etc.) I'd prefer
> it to not be so easily confused with things like gaim-encryption.
But you are trying to convey cryptography concepts to the masses. That will
not work.
> Also, even in the "lock" world, I think we really don't want to give the
> misimpression that people should be happy at 2. The moods I'd like
> people to have (somewhat flippantly):
>
> 1. Unhappy
> 2. Uneasy
> 3. Comfortable
That is pretty misleading. I would call 2 "easy", since it protects against
silly passive attacks, which are the most types of attacks most IM users
would face.
> Maybe use smilies? ;-)
I have enough childish icons forced down my throat as it is, thankyouverymuch
how about:
1. Insecure
2. Protected
3. Safe
Then it leaves the interpretation of 'protected' to the individuals. We can explain
(in a mouse over or something) that protected means 'protected against sniffing and
passive attacks', and that safe means 'protected against sniffing and active attacks'.
While die-hard crypto people will call 'protected' completely insecure and meaningless.
Protected could be coloured blue (eg protected by some uniform, but do we trust the
uniform?) It should not be some shade of green.
We need to explain these things so that my dad can understand the difference. Perhaps
a pointer to a url to the OTR website with cute animations or something.
Paul
More information about the OTR-users
mailing list