Perspectives icon indicating copy to clipboard operation
Perspectives copied to clipboard
verified publisher icon danwent

Improve front page documentation

Open daveschaefer opened this issue 11 years ago • 6 comments

Let's copyedit the explanation of how the CA model works and how Perspectives is different, so it's easy for non-technical people to understand. Some diagrams would go a long way towards helping explain this. Perhaps we can use something like http://www.gliffy.com/ and create a Creative Commons diagram? That would be useful for the internal help docs too.

daveschaefer avatar Apr 17 '14 04:04 daveschaefer

For now we could just take the diagrams from the presentations.

ghost avatar Jul 01 '14 20:07 ghost

Public-Key-Infrastructure, Man-In-The-Middle-Attacks and Perspectives protection explained in three sketches: 1 situation 2 problem 3 perspectives

ghost avatar Jul 06 '14 07:07 ghost

1. Situation

  • Say Alice wants to communicate securely with Bob.
  • Bob therefore generates a private key and a public lock but only sends the lock to Alice.
  • Alice however doesn't know how the lock should look like and asks a certificate authority (CA), one of several hundreds delivered with Mozilla Firefox.
  • If the locks match, Alice locks up her package and securely sends her love letter to Bob.
  • Because Bob never gave away his private key he is the only one able to open the package.

2. Problem

  • The problem is that Alice doesn't know what Bob's lock should look like.
  • A so called man-in-the-middle attacker could therefore interfere with their communication and send a fake lock to Alice.
  • Alice again tries to ask a certificate authority (CA) but the attacker just replies that everything is alright.
  • Poor Alice locks up her package and sends it to Bob without knowing that someone eavesdrop their communication.
  • The attacker is not even able to open her package but also send a hate letter to Bob.
  • Even though their connection was in fact encrypted the attacker could listen to and change their communication because nobody knew who they were actually talking to.

3. Perspectives

  • Perspectives protects against this problem by running several so called notary servers.
  • A notary server asks Bob over and over again about how his lock looks like and logs the result.
  • When Alice receives Bob's lock she also asks the Perspectives notary servers.
  • If the notary servers agree on how Bob's lock looks like the communication is secure otherwise something is fishy.

Update 2014-10-31: I tested this with some technical and non-technical people and all-in-all they said it should be split into more diagrams explaining each step. I also made a mistake when drawing these diagrams. The browsers doesn't actually connect and request from an authority, instead the signature of the received certificate is checked against the local public keys.

ghost avatar Jul 06 '14 08:07 ghost

Thanks for running some user tests Gerold, that is fantastic :)

We should also put all of the text from the perspectives-project.org site into a github repo so we can have revision history on it. That makes sure it is backed up as well.

daveschaefer avatar Nov 03 '14 02:11 daveschaefer

Some more explanations on mailing list - notaries API specification and the talk on Convergence.

ghost avatar Nov 15 '14 15:11 ghost

@lambdor Yes, thanks for your summaries in that thread Gerold, that is fantastic.

daveschaefer avatar Nov 17 '14 04:11 daveschaefer