Re: [openpgp] Mining protection in fingerprint schemes

On Fri, Apr 08, 2016 at 06:30:07AM +0000, Peter Gutmann wrote:
> Bryan Ford <brynosaurus(_at_)gmail(_dot_)com> writes:
> > The whole idea of providing some form of “mining-resistance” in a fingerprint
> > scheme is to enable the key-owner to invest some effort at key-creation time,
> > to ensure that any attacker who wants to try to mine for a key with a 
> > similar-
> > looking fingerprint will have to invest a *lot* more time and effort, not 
> > just
> > a little.
> I'm not sure if this is worth the effort, see "Do Users Verify SSH Keys?",
> https://www.usenix.org/system/files/login/articles/105484-Gutmann.pdf.  The
> solution isn't to try and patch up something that inherently doesn't work
> (look at browser PKI for a twenty-year, and still running, example of trying
> to do that) but to look for alternative approaches to dealing with the
> problem.
I agree.  I think we're approaching this problem the wrong way.  The
approach I like is what OpenKeychain is doing with QR codes: you scan
the QR code, which contains the fingerprint.  No manual verification is
necessary.  We should design systems that make it easy for people to get
right, instead of trying to defeat people being lazy.  People are always
going to be lazy, and we should aim to have that have as little impact
on security as possible.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204

signature.asc
Description: PGP signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp