[Freedombox-discuss] Tap-to-share PGP key exchange
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Oct 4 16:38:25 UTC 2011
On 10/04/2011 11:56 AM, Timur Mehrvarz wrote:
> I really wish we could get to a point where we can trust the wireless
> connection, reducing the number of steps needed for PGP based
> "friedning", making the process more acceptable for 'regular people'.
i agree that it would be nice if this were possible. I'm just not sure
how we'd get there.
One thought: what about a point-to-point wired connection? That's
pretty easy for humans to physically inspect/verify, and wouldn't need
the additional optical verification check.
Is there such a standard connection for common handheld
computers/smartphones?
> But for as long as we do not fully trust the wireless connection - which
> is why we want to verify the key fingerprints - we cannot use it to
> coordinate/automate the verification process. I think.
I think untrusted wireless could be safely used for coordination and
automation of a key exchange handshake under two conditions:
0) it is clear what is happening to the device operator, and
1) the worst-case event that could happen from malicious wireless
interference is a visible failure-to-handshake
I haven't written up a precise spec for any automation like this, but it
seems plausible to me that a well-specified process could meet these
conditions.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20111004/b9fbef1e/attachment.pgp>
More information about the Freedombox-discuss
mailing list