[OTR-users] Work In Progress analogy for OTR - feedback please
Ian Goldberg
ian at cypherpunks.ca
Sat Oct 25 06:10:12 EDT 2014
On Sat, Oct 25, 2014 at 10:57:54AM +0100, Bernard Tyers wrote:
> Hi,
>
> I am working on an idea for a cryptoparty for non-technical people, called "Humane Cryptoparty".
>
> This idea has come out of my HCI dissertation last year on non-technical user mental models and OTR.
>
> One finding was users had good theoretical mental models of OTR, but bad functional, or vice-versa. This led them to make mistakes.
>
> The objective of the human cryptoparty is to see the effect understanding the concepts of OTR has on user behaviour and their usage of OTR.
>
> In short, the idea I have is to explain various important concepts with non-technical analogies. This is not easy to do correctly, I know.
>
> I have been working on some analogies for OTR. I’d like to get your advice on how valid this is.
>
> The objective is not to be as non-technical as possible, while explaining the concepts involved.
>
> The analogy uses:
>
> - envelopes (encryption)
> - unique adhesives (public keys)
> - unique "glitter" patterns (perfect forward secrecy)
> - solvents (private keys)
That all seems awfully complicated. You seem to be wanting to emulate
the *mechanisms* rather than explaining the *outcomes*. Is that
important? Does your audience really need to understand the effect of
private keys, etc.?
What kind of mistakes in using OTR have you seen that are caused by a
misunderstanding of, say, how PFS works? OTR is designed to give you
security whether you know it's there or not, at least against a passive
adversary. The part that may require some understanding is the buddy
verification (https://otr.cypherpunks.ca/help/4.0.0/levels.php) that ups
the protection to work against active adversaries as well. I can imagine
something like "whispering through a sheet" or something like that to
analogize the situation.
- Ian