Re: [openpgp] Fingerprints

"Daniel A. Nagy" <nagydani@epointsystem.org> Tue, 28 April 2015 11:39 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/LzMAZ8NLv0vponvpmSJFWOF-RbA>

Speaking of that, we may want to specify a URL format for the
fingerprint which would facilitate the importing or checking of keys
through the intent mechanism (it has a different name in iOS, but it's
there). That way, QR codes would also become quite straightforward.

Cheers,

Daniel

On 04/28/2015 01:16 PM, ianG wrote:
> On 17/04/2015 18:46 pm, Daniel Kahn Gillmor wrote:
> 
>>   * human-representable form of the digest: e.g. hex, base32, common
>>     hyphenation patterns, etc.  there are legibility/usability factors
>>     here that i don't know enough to comment on.
>
> Just on that, I recently went through an exercise where phones get
> introduced to phones.  Once introduced the phones can speak to servers
> directly naming their new friends and get high quality information in
> dense cryptographic form.  Users need not be bothered by the arcana.
> 
> But two people meeting for the first time is a bother, especially as
> there are no presentations of cryptographic information in the app at
> all, and we can't rely on the various bluetooth and so forth local
> interactions.
> 
> We tried some variants, and in the end, I settled on a 4-letter base26.
>  It is created on one phone (register on server) and typed into the
> other phone (lookup on server).
> 
> The base26 alpha was chosen because many phones have tiny keyboards
> which require hitting a meta key to get out to numerics.  This made the
> Base32, hex and other mixed alphanumerics a pain, it about doubled the
> workload and more than doubled the error rate.
> 
> A count of 4 characters was settled on because it was enough to provide
> some discrimination but not enough to seriously challenge the users.
> Users found 6 characters to be a bit testy (I include myself in this)
> whereas people felt that if they couldn't handle 4 characters they
> could blame themselves for the errors, not the system.
>
> iang
> 
> 
> ps;  The codes themselves once created are only valid for an hour,
> suitable for a face to face meeting, so there is a lot more space
> available.
> 
> ps2;  4 uppercase letters was also used by the military back in the old
> pencil & paper tactical codes days.  At least my military.
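
Added example, not part of the thread and not ianG's code: a sketch of the short-code introduction described in the quoted message, with a 4-letter base26 code registered by one phone and looked up by the other within an hour. The `IntroRegistry` class, the in-memory store, single-use lookup and the sample fingerprint are assumptions; 26^4 gives 456,976 possible codes, so the registry refuses new registrations once half of them are live.

```python
import secrets
import time

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # letters only: no meta key on small keyboards
CODE_LEN = 4
TTL_SECONDS = 3600  # codes are "only valid for an hour"


class IntroRegistry:
    """Hypothetical server-side store mapping short codes to key fingerprints."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._entries = {}  # code -> (fingerprint, expires_at)

    def _purge(self):
        # Drop expired codes so they return to the pool and cannot be looked up.
        now = self._clock()
        for code in [c for c, (_, exp) in self._entries.items() if exp <= now]:
            del self._entries[code]

    def register(self, fingerprint):
        """Issue a fresh code for the phone that wants to be found."""
        self._purge()
        if len(self._entries) >= len(ALPHABET) ** CODE_LEN // 2:
            raise RuntimeError("too many live codes for a 4-letter space")
        while True:
            # secrets.choice draws uniformly from a CSPRNG; retry on collision.
            code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))
            if code not in self._entries:
                self._entries[code] = (fingerprint, self._clock() + TTL_SECONDS)
                return code

    def lookup(self, typed):
        """Resolve what the second user typed; tolerate case and spacing."""
        code = "".join(typed.split()).upper()
        if len(code) != CODE_LEN or any(ch not in ALPHABET for ch in code):
            raise ValueError("expected 4 letters A-Z")
        self._purge()
        entry = self._entries.pop(code, None)  # assumption: a code works once
        return entry[0] if entry else None


if __name__ == "__main__":
    registry = IntroRegistry()
    sample_fpr = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed value
    code = registry.register(sample_fpr)
    print(code, "->", registry.lookup(code.lower()))
```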