[OTR-users] Work In Progress analogy for OTR - feedback please

Ximin Luo infinity0 at pwned.gg
Sat Oct 25 07:17:27 EDT 2014


On 25/10/14 11:57, Bernard Tyers wrote:
> Hi,
> 
> I am working on an idea for a cryptoparty for non-technical people, called ”Humane Cryptoparty”.
> 
> This idea has come out of my HCI dissertation last year on non-technical user mental models and OTR. 
> 
> One finding was users had good theoritical mental models of OTR, but bad functional, or vice-versa. This lead them to make mistakes. 
> 
> The objective of the human cryptoparty is to see the affect understanding the concepts of OTR has on user behaviour and their usage of OTR.
> 
> In short, the idea I have is to explain various important concepts with non-technical analogies. This is not easy to do correctly, I know. 
> 
> I have be working on some analogies for OTR. I’d like to get your advice on how valid this is.
> 
> The objective is not to be as non-technical as possible, while explaining the concepts involved.
> 
> The analogy uses: 
> 
> - envelopes (encryption)
> - unique adhesives (public keys)
> - unique ”glitter” patterns (perfect forward secrecy) 
> - solvents (private keys)
> 

What about padlocks (public) vs unlock-keys (private)? You know, those things where you just push down to lock it.

PFS is arranging things so that you generate a new padlock/key combination for each session. Or in your analogy, a new adhesive. Alice does this by e.g. creating a new padlock/adhesive (the ephemeral key), sending this over inside a box/envelope that is locked by Bob's padlock/adhesive, then Bob opens this and uses the ephemeral key for the session. You don't need the glitter to explain PFS, and what you proposed doesn't explain how the glitter works either. Also, you say it's to do with PFS but OTOH you use words that suggest authentication ("unique pattern").

I haven't yet come up with a suitable analogy for signing or MAC authentication. I don't think your idea of the glue carries over - encryption and signatures are two different abstract logical things, even if sometimes they use similar mathematical operations. Your phrase "At which point the envelope is just signed with Alice’s key (glue)" doesn't make any sense - can you explain your rationale for choosing these words?

The relationship between the properties are more like this: PFS is a secondary property of confidentiality (encryption), and deniability is a secondary property of authentication (MACs).

There are two types of verification, (1) "the key belongs to the user" and (2) "the message is authenticated by the key". (2) can be achieved using only cryptography, but (1) involves inputting real-world facts into the system. You seem to be confusing/combining these two together, and at no point in your analogy does Alice/Bob actually exchange information in real life.

X

-- 
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20141025/09ca2a8c/attachment.pgp>


More information about the OTR-users mailing list