[Ssc-dev] Fwd: Uni Weimar: timeplan and proposal questions
Hans of Guardian
hans at guardianproject.info
Tue Oct 1 14:48:06 EDT 2013
Hey Bryan and all,
Just chatted with Jan some more. He is pretty keen on including Informacam as one of the projects for the class and thinks it would make for good design projects. Hopefully that is useful to Informacam and you can take charge of that aspect of communicating with Jan. I don't feel I know enough about the viewing side of j3m and informa to help him.
.hc
Begin forwarded message:
> From: Jan Dittrich <jan.dittrich at uni-weimar.de>
> Date: September 19, 2013 5:36:31 AM EDT
> To: Hans-Christoph Steiner <hans at guardianproject.info>
> Subject: Uni Weimar: timeplan and proposal questions
> user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130804 Thunderbird/17.0.8
>
> Hello,
> Thanks for the interesting and helpful chat yesterday. I'm looking forward!
>
> Here is the mail with the timeplan and project proposals. @Hans: could you forward the mail to Bryan?
>
> TIME & MENTORING
> * The project starts on the 24th of Oct; I assume that in the weeks from the 31st of Oct – 14th of Nov the students (and me too) will have some need for clarifications; answers to questions of possibilities and the like in order to get a direction to go.
> * On the 12th of December I assume I'll put the first review. This means that the student teams will post their ideas on the wiki (http://www.uni-weimar.de/medien/wiki/). It would be great if you could comment on their ideas. A wikipage from a previous process like this (cooperating with Mozilla) can be found here: http://www.uni-weimar.de/medien/wiki/IFD:HumanCenteredDesignResearch_SoSe13/team2
> * On the 7th of February the term ends. In the two weeks before the students wrap up their projects. I assume that an end-of-January review in the same gist as the first would be helpful.
>
> PROJECT-PROPOSALS
> I paraphrase what we talked about yesterday. I'll mark the things that are not totally clear to me yet. It would be great if you could help me to clarify them because naturally they should grow into proposals for the students (rather soon) and thus serve as a basis for the practical part of the course itself.
>
> _Securechat
>
> Q: If I understand it right, the authentication lasts (does not need to be redone every chat anew) and the "trust" (aka some sort of hash of the initiating key from the first session) is saved on the client? (as far as I understand, every message's encryption is based on the previous, going back to the first with the authentication)
> * As the "trust" to a "user" (both represented by a key or hash that can be matched) can be saved, it can be transferred
> * We could transfer this to different devices
> Q: Can this be synced via a server? Is an additional encryption needed when doing so (encrypting the 'trust' and 'user')? Is some sort of client to client communication thought of?
>
> As far as I understood the "trust" (represented by some crypto-data) can then be used…
> * …to send OTR-like emails (right?)
>
> Q: You said you'd like to know about the concept of "Trust". If we want to do research on the users' concept of that, I/we need to have a clear image of what that trust is represented as (I suggested above that I suspect it to be some sort of key/hash generated when doing the authentication)
>
> _Informacam
> * Informacam used metadata connected to images in order to make it easier to check them for authenticity. If the metadata matches what you know about place and time in discussion you can be fairly sure that the image was actually done there and with the device of the photographer (identified via sensor noise profile)
> * The use case is human rights reporters, citizen journalists or even digital photos of some property damage you want to report to law or insurance.
> Q: I assume the project is about general usability of the project? Or are there very specific interests, e.g. like how the photos are submitted?
>
>
> _OSTEL
> This is about encrypted phone calls (easy so far). Uses the SIP protocol and needs a server to connect the clients (the server provides the infrastructure needed to connect to a specific client (?)). Own servers can be set up e.g. in order to provide secure ways to communicate in a company.
> The main focus for us would be the identification:
> * You need to make sure that you don't have a man in the middle "listening". Therefore you need an identification. This is currently done by a 4-letter code read to each other.
> * Our task would be to identify if the users accept this and if there are ways to improve it.
> Q: Any other wishes or problems here?
>
> That's it so far. It’s quite a lot of questions. As said, some diagrams or use cases could be a good way of communicating. As well, it came to my mind that a "non-use-case" would be interesting, as usually there are many in security (if not, you can state as well that such and such is not a problem). As an example, for PGP such a non-use-case is "sharing your private key" (which happens according to usability tests).
>
>
>
> Kind Regards,
> Jan