[cap-talk] Simple Cooperative File Sharing (SCoopFS), the "F" is silent

Karp, Alan H alan.karp at hp.com
Tue Mar 10 20:38:57 EDT 2009 

James A. Donald wrote:
> 
> Karp, Alan H wrote:
>  > I don't understand this proposal.  Are you saying we
>  > should examine the body of the message for petnames?
>  > What would you do with something like, "Alan told me
>  > that a friend named his son Alan."
> 
> That would be one possible implementation.  Another
> possible implementation would be to enable the user to
> drag and drop between the contact list, the "to" and
> "cc" lists, and the body of the message - I like that
> implementation because the user can use a single gesture
> to accomplish diverse tasks, rather than having to learn
> a separate UI for each task.
>
Or even a hot-key to select a petname from a list.  I think I like it, but I'd have to try it to be sure.  It would probably need some visual distinction between petnames and text, but we're used to that with hyperlinks.
> 
>  > The webkey used to create a new connection is pure
>  > data and can be communicated any way you like.
> 
> It is a *lot* of pure data - hence the reliance on email
> ids.
>
A webkey is a lot of data only if you're trying to memorize it or type it.
> 
> Any time we have such a large, strong secret, it is
> preferable to encapsulate it inside a some kind of
> hyperlink and hide it behind some anchor text, to
> protect the user from being overwhelmed.
>
The users in our study concur, but for a different reason.  They found the connection between the webkey and the Pal confusing.  In a future version, should there be one, we'll encapsulate the webkey into something meaningful to the user, as you propose.
> 
> One way of employing a weaker secret is to have
> hyperlinks issued by Bob that will sign some one up to
> as a buddy of Bob - hyperlinks that may be password
> protected - so an invite could be:
> 
> 	"go to such and such a web page, click on "bob",
> 	and send me a message"
> 
> or
> 	"go to such and such a web page, click on "bob",
> 	enter the password "hibob", and send me a
> 	message."
> 
In the early days of the project we thought of having the new Pal click on a webkey to set up a connection, but there some security issues (which I can't recall at the moment).  Any time you say "go to such and such a web page", I assume that I can just as easily say "click on this link."  Maybe the indirection you propose addresses the security issues, but I'll have to remember what they are to decide.

> Another approach is to make it easier for the user to
> enter large strong secrets, for example by embedding
> check data in the secret, so that if the user makes a
> mistake, the mistake will generally be detected
> immediately, or after the user has entered another
> character.

We don't expect that users will ever type a webkey.
> 
> Another approach, not necessarily exclusive with the
> others, is to attempt to make large strong secrets more
> user friendly by encoding them in an English like manner
> using reverse arithmetic encoding, as is now being done
> with some captcha codes.
>
I don't see any reason that a webkey needs to be interpreted by a human.  Perhaps a better approach is to put the webkey in a file, much the way people use .vcf files to exchange contact information.
> 
> To learn a narrowly based solution to specific security
> problems costs the user as much thought and effort as
> learning a broadly based solution to a broad class of
> security problems.
>                (plus a lot more that I snipped)

I agree, but there's a third option.  Rather than developing an entirely different mode or trying to retrofit on an existing one, we hijacked the email metaphor (somewhat conflated with IM).   That let us provide the security and automation features in a familiar way.  It appears that we succeeded.  Our users are able to do the simple stuff with no instruction and no Help button.  It's only the SCoopFS specific stuff, such as creating a Pal, where we needed some documentation.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp

More information about the cap-talk mailing list