Speaking of that, we may want to specify a URL format for the
fingerprint which would facilitate the importing or checking of keys
through the intent mechanism (it has a different name in iOS, but it's
there). That way, QR codes would also become quite straightforward.
Cheers,
Daniel
On 04/28/2015 01:16 PM, ianG wrote:
On 17/04/2015 18:46 pm, Daniel Kahn Gillmor wrote:
* human-representable form of the digest: e.g. hex, base32, common
hyphenation patterns, etc. there are legibility/usability factors
here that i don't know enough to comment on.
Just on that, I recently went through an exercise where phones get
introduced to phones. Once introduced the phones can speak to servers
directly naming their new friends and get high quality information in
dense cryptographic form. Users need not be bothered by the arcania.
But two people meeting for the first time is a bother, especially as
there are no presentations of cryptographic information in the app at
all, and we can't rely on the various bluetooth and so forth local
interactions.
We tried some variants, and in the end, I settled on a 4-letter base26.
It is created on one phone (register on server) and typed into the
other phone (lookup on server).
The base26 alpha was chosen because many phones have tiny keyboards
which require hitting a meta key to get out to numerics. This made the
Base32, hex and other mixed alphanumerics a pain, it about doubled the
workload and more than doubled the error rate.
A count of 4 characters was settled on because it was enough to provide
some discrimination but not enough to seriously challenge the users.
Users found 6 characters to be a bit testy (I include myself in this)
whereas people felt that if they couldn't handle 4 characters felt they
could blame themselves for the errors not the system.
iang
ps; The codes themselves once created are only valid for an hour,
suitable for a face to face meeting, so there is a lot more space
available.
ps2; 4 uppercase letters was also used by the military back in the old
pencil & paper tactical codes days. At least my military.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp