ietf-openpgp
[Top] [All Lists]

Re: [openpgp] Mining protection in fingerprint schemes

2016-04-08 21:36:22
On Fri 2016-04-08 18:50:53 -0300, brian m. carlson wrote:
  I agree.  I think we're approaching this problem the wrong way.  The
  approach I like is what OpenKeychain is doing with QR codes: you scan
  the QR code, which contains the fingerprint.  No manual verification is
  necessary.  We should design systems that make it easy for people to get
  right, instead of trying to defeat people being lazy.  People are always
  going to be lazy, and we should aim to have that have as little impact
  on security as possible.

I agree that entirely mechanized, user-friendly, non-MITM-able key
transfer is superior to asking humans to deal with fingerprints.

But this is not the use case for fingerprints -- we can ignore
fingerprints entirely if we're talking about mechanized key transfer
(and there's no reason that OpenKeychain needs to use the fingerprint --
for Ed25519 keys, they could just put the public key itself in the QR
Code)

However, we will still need fingerprints for the use case where people
meet up but don't have any machines handy that are capable of doing an
automated transfer.  We're going to need a transcribable or
copy/pasteable string for people to use in that case.  We're also going
to need such a string for the situations where people want to look up a
key in a directory someplace after having done such a non-mechanized
transfer.

So please, by all means, help people solve the "directory lookup" and
"in-person key exchange" use cases in user-friendly ways that do not
involve fingerprints.  But unless the WG is convinced that those
solutions can completely replace the fingerprint everywhere, we'll still
need to decide how to compute and structure the fingerprint.

The presence of better in-person schemes than fingerprint exchange do
suggest that making a complex fingerprint scheme is unlikely to be a
good use of the energy of the WG group, though.

It would be great to decide on something simple, unambiguous, and secure
soon so that we can focus on the harder work we have on our plate.

     --dkg

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp