ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] Mining protection in fingerprint schemes

2016-04-09 08:55:55
from [Peter Gutmann] [Permanent Link] 
brian m. carlson <sandals(_at_)crustytoothpaste(_dot_)net> writes:


The approach I like is what OpenKeychain is doing with QR codes: you scan the
QR code, which contains the fingerprint.  No manual verification is
necessary. We should design systems that make it easy for people to get
right, instead of trying to defeat people being lazy.


Exactly, leave the computation to the computers.  No human should be expected
to compare 40 hex digits for an exact match, that's why we have computers.  In
fact the denser QR codes can store an entire key in the QR code.  Once it's on
your phone, you can use your method of choice to get it to other devices.

Peter.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] Mining protection in fingerprint schemes, Werner Koch
Next by Date:  Re: [openpgp] Mining protection in fingerprint schemes, Peter Gutmann
Previous by Thread:  Re: [openpgp] Mining protection in fingerprint schemes, Bryan Ford
Next by Thread:  [openpgp] Fingerprint requirements for OpenPGP, Daniel Kahn Gillmor
Indexes:  [Date] [Thread] [Top] [All Lists]