[Freedombox-discuss] Tap-to-share PGP key exchange

Timur Mehrvarz timur.mehrvarz at googlemail.com
Fri Sep 30 11:46:18 UTC 2011

DKG, your impression that there is no security in place when using
Bluetooth and NFC is not true. Anymime uses encrypted and
authenticated communications only. And NFC does not just make the
procedure much more usable, it also removes the weakest spot with
"long range" Bluetooth: device discovery. What is needed now is that
people play with it and try to break it. And more devices with NFC
chips must become available.

I will prepare another reply with more info, just need a bit more
time. My impression is, that those who specify and implement the lower
layers are honest about security. Also keep in mind that payment is
one important use case here. Why not benefit from the effort?

I'm following this list long enough to be aware of the QR discussion.
I think both technologies need to be implemented for key exchange. If
someone comes to you with QR code printed on a business card, your NFC
chip won't help much.

Thank you Stefano + Michael for your encouraging words.

On 29.09.2011 17:45, Daniel Kahn Gillmor wrote:
> i'm concerned that bluetooth and NFC don't provide much protection
>  against spoofing.  that is, can the operator of a device using 
> these technologies verify that the communication comes from the 
> expected peer? or is it possible for a nearby attacker with
> control over the RF spectrum to inject messages into the
> communication?
> The advantage of the optical approach (QR codes and webcams) 
> discussed some months ago on this list (see posts about 
> "monkeysign" and "manus vexo") is that a (sighted) human user can 
> observe the communication between devices directly and ensure that 
> there is no tampering.
> Is there some mechanism with bluetooth or NFC that offers 
> equivalent protection from network interference?
> --dkg

More information about the Freedombox-discuss mailing list