Analogies for explaining the principle of PGP
Fraser Tweedale
frase at frase.id.au
Thu Jul 3 15:10:00 CEST 2014
On Thu, Jul 03, 2014 at 10:56:30PM +1000, Fraser Tweedale wrote:
> On Thu, Jul 03, 2014 at 01:46:33PM +0200, Neal H. Walfield wrote:
> > At Thu, 03 Jul 2014 12:50:50 +0200,
> > Daniel Krebs wrote:
> > > Since I am currently discussing this with Matthias from the FSFE as
> > > part of #EmailSelfDefense, a question: which analogies do you use
> > > when you explain the principle of PGP/GPG to people?
> > > I mostly use the following version:
> > >
> > > There is a lock with two keyholes. Each key works in only one
> > > direction, that is, it either locks what is open or opens what is
> > > locked. This also lets you explain signing, which does not work with
> > > the "classic metaphor" (public key = lock, private key = key). So:
> > > Encrypting:
> > > Someone locks with my public key, I open with my secret one.
> > > Signing:
> > > I sign with my private key, someone else verifies with my public one.
> > >
> > > Suggestions, opinions?
> >
> > You might want to take a look at this:
> >
> > https://freedom-to-tinker.com/blog/randomwalker/why-king-george-iii-can-encrypt/
> >
> > Email encryption, although cryptographically straightforward,
> > appears too complicated for laypeople to understand. In our
> > project, we aimed to understand why this problem has eluded
> > researchers for well over a decade and expand the design space of
> > possible solutions to this and similar challenges at the
> > intersection of security and usability.
> >
> > ...
> >
> > In PGP’s metaphors, each user possesses two items, a private key and a
> > public key. Have you inferred how the protocol works yet? Unless
> > you have previous exposure to cryptography, likely not. Why do I
> > have two keys? What do these keys open? Aren’t all keys private?
> > When you want to send a message to someone, you encrypt it with his
> > public key, which is known to everyone. The recipient can decrypt
> > it with his private key, which only he possesses. But can’t anyone
> > use the public key to decrypt the message again? Nope. A public
> > key can only encrypt, not decrypt. Just trust us on that one.
> >
> Not so; this analogy might seem useful for explaining message
> encryption, but will lead to more confusion when attempting to
> understand/explain signing - where indeed the public key is used to
> decrypt a digest encrypted by a public key.
>
Whups. The digest is encrypted by the *private* key, of course :)
> Fraser
>
> >
> > You’re probably starting to understand why secure email is so hard
> > to use. Bear with us for one paragraph longer.
> >
> > ...
> >
> > We decided to test whether better metaphors might be able to close
> > this gap between security and usability. Specifically, we wanted
> > metaphors that represented the cryptographic actions a user performs
> > to send secure email and were evocative enough that users could
> > reason about the security properties of PGP without needing to read
> > a lengthy, technical introduction. We settled on four objects: a
> > key, lock, seal and imprint. To send someone a message, secure it
> > with that person’s lock. Only this recipient has the corresponding
> > key, so only they can open it. To prove your identity, stamp the
> > message with your seal. Since everyone knows what your seal’s
> > imprint looks like, it’s easy to verify that the message came from you.
> >
> >
> > Neal
> >
> > _______________________________________________
> > Gnupg-users mailing list
> > Gnupg-users at gnupg.org
> > http://lists.gnupg.org/mailman/listinfo/gnupg-users
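The two directions discussed in this thread (lock with the public key and open with the private one; stamp the digest with the private key and check it with the public one), as an added Python example that is not part of the original messages. It uses textbook RSA with no padding and a constructed toy key; the names `apply_key`, `encrypt`, `decrypt`, `sign` and `verify` are illustrative assumptions, and real OpenPGP adds padding and hybrid encryption on top of this.

```python
import hashlib

# Constructed toy key: two Mersenne primes, far too small and too
# structured for real use, chosen only so the example runs offline.
P, Q = 2**127 - 1, 2**107 - 1
N = P * Q
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)

PUBLIC = (E, N)     # the "lock", and what checks the seal's "imprint"
PRIVATE = (D, N)    # the "key", and the "seal" itself

def apply_key(value, key):
    """The one RSA operation both halves share: value^exp mod n."""
    exp, n = key
    return pow(value, exp, n)

def digest(message):
    """SHA-256 truncated to 28 bytes so it is smaller than the toy N."""
    return int.from_bytes(hashlib.sha256(message).digest()[:28], "big")

def encrypt(message, recipient_public):
    """Lock a short message with the recipient's public key."""
    m = int.from_bytes(message, "big")
    if m >= recipient_public[1]:
        raise ValueError("message too long for the toy modulus")
    return apply_key(m, recipient_public)

def decrypt(ciphertext, key):
    """Apply a key to a ciphertext; only the private half recovers it."""
    m = apply_key(ciphertext, key)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sign(message, key):
    """Transform the message digest with a key (the private one, to sign)."""
    return apply_key(digest(message), key)

def verify(message, signature, signer_public):
    """Undo the signature with the public key and compare digests."""
    return apply_key(signature, signer_public) == digest(message)

if __name__ == "__main__":
    msg = b"meet at noon"            # constructed sample message
    box = encrypt(msg, PUBLIC)
    print(decrypt(box, PRIVATE))             # private key opens the lock
    print(decrypt(box, PUBLIC) == msg)       # public key cannot reopen it
    sig = sign(msg, PRIVATE)
    print(verify(msg, sig, PUBLIC))          # seal made with the private key
    print(verify(msg, sign(msg, PUBLIC), PUBLIC))  # "signed" with public key
```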