Re: [openpgp] Fingerprints

Phillip Hallam-Baker <phill@hallambaker.com> Mon, 27 April 2015 17:58 UTC

In-Reply-To: <87pp6pczgq.fsf@vigenere.g10code.de>
References: <CAMm+LwhbB+-MnGRBCvprgAGOuu+5CJ2rgod7EBGOQR5UNVrspQ@mail.gmail.com> <87d232lkb6.fsf@alice.fifthhorseman.net> <87618qzlw0.fsf@vigenere.g10code.de> <1429922578.4659.49.camel@scientia.net> <1DC3C8C67280FB4C9A402CB6DB1358F519E90A4A32@S2008SBS.intern.giepa.de> <87pp6pczgq.fsf@vigenere.g10code.de>
Date: Mon, 27 Apr 2015 13:58:08 -0400
Message-ID: <CAMm+Lwh90BtUkVFvxk4y+PA0onW_2ixnoFEnxsgVoh3=jGcgUA@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Daniel Ranft <Daniel.Ranft@giepa.de>, Christoph Anton Mitterer <calestyo@scientia.net>, "openpgp@ietf.org" <openpgp@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/SmwKcLqsIwNjnyCEJ-jWgMEEP3M>
Subject: Re: [openpgp] Fingerprints

On Mon, Apr 27, 2015 at 12:23 PM, Werner Koch <wk@gnupg.org> wrote:
> On Mon, 27 Apr 2015 18:03, Daniel.Ranft@giepa.de said:
>
>> You could use a QR code for at least the business cards? We discussed something like that on the OpenPGP summit a couple of days ago.
>
> During one session it was remarked that one of the larger participating
> projects got research results on QR codes indicating that QR codes don't
> work reliably for mass deployment.  Thus for backing up and syncing
> private keys they use a letters and digits based code to seed a PRNG.

I can't see the point of that.

Encryption of the private key works fine. We have many resources that
allow us to deposit chunks of data in the cloud and rely on them being
available in the future.

Note that here we are talking about THE cloud, not A cloud. While
there are many clouds for computing, archival storage of vital data is
an example of an application where the network effects come into play.

Encrypt the private key(s) under a symmetric key, split the symmetric
key into as many shares as you need. Print out the key shares on paper
and you are done.
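The backup scheme in the last paragraph, as an added example that is not code from this thread or from any of the projects discussed: the private key is wrapped under a random 32-byte key-encryption key, that key is split k-of-n with Shamir secret sharing over GF(2^8), and each share is rendered as a line of letters and digits with a short checksum so a typo when retyping it from paper is caught rather than silently yielding a wrong key. The wrap uses an HMAC-SHA256 counter-mode keystream plus an HMAC tag (encrypt-then-MAC) only because the standard library has no AEAD; in a real tool this is an assumption to replace with AES-GCM or ChaCha20-Poly1305 from a proper crypto library. The share line format and the 4-hex-digit checksum are my own choices, not a standard.

```python
import base64
import hashlib
import hmac
import os

# GF(2^8) with the AES reduction polynomial x^8 + x^4 + x^3 + x + 1 (0x11B).
def gf_mul(a, b):
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(a):
    # The multiplicative group of GF(2^8) has order 255, so a^254 == a^-1.
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r

def split_secret(secret, k, n):
    """Shamir split: n shares (x, bytes); any k reconstruct secret, fewer reveal nothing."""
    if not 1 <= k <= n <= 255:
        raise ValueError("need 1 <= k <= n <= 255")
    shares = [(x, bytearray()) for x in range(1, n + 1)]
    for byte in secret:
        # Fresh random polynomial of degree k-1 per byte; constant term is the byte.
        coeffs = [byte] + list(os.urandom(k - 1))
        for x, out in shares:
            y, xpow = 0, 1
            for c in coeffs:
                y ^= gf_mul(c, xpow)
                xpow = gf_mul(xpow, x)
            out.append(y)
    return [(x, bytes(out)) for x, out in shares]

def combine_shares(shares):
    """Lagrange interpolation at x = 0, one byte position at a time."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = bytearray()
    for i in range(len(shares[0][1])):
        acc = 0
        for xj, yj in shares:
            num = den = 1
            for xm, _ in shares:
                if xm != xj:
                    num = gf_mul(num, xm)        # (0 - xm) == xm in characteristic 2
                    den = gf_mul(den, xj ^ xm)   # (xj - xm) == xj XOR xm
            acc ^= gf_mul(yj[i], gf_mul(num, gf_inv(den)))
        secret.append(acc)
    return bytes(secret)

def encode_share(x, y):
    """Printable line: index, base32 payload, 4 hex digits of SHA-256 to catch typos."""
    chk = hashlib.sha256(bytes([x]) + y).hexdigest()[:4]
    return f"{x:03d}-{base64.b32encode(y).decode().rstrip('=')}-{chk}"

def decode_share(line):
    xs, payload, chk = line.strip().upper().split("-")
    x = int(xs)
    y = base64.b32decode(payload + "=" * (-len(payload) % 8))
    if hashlib.sha256(bytes([x]) + y).hexdigest()[:4] != chk.lower():
        raise ValueError("share checksum mismatch (typo?)")
    return x, y

def _keystream(key, nonce, length):
    out, ctr = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:length])

def wrap_private_key(kek, private_key):
    """Stand-in for an AEAD: HMAC-CTR encryption, then HMAC tag, under derived keys."""
    enc_key = hmac.new(kek, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(kek, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(private_key, _keystream(enc_key, nonce, len(private_key))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unwrap_private_key(kek, blob):
    enc_key = hmac.new(kek, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(kek, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrapped key failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def paper_backup_roundtrip(private_key, k=3, n=5):
    """Wrap the key (blob goes to storage), split the KEK (lines go on paper), recover from k lines."""
    kek = os.urandom(32)
    blob = wrap_private_key(kek, private_key)
    lines = [encode_share(x, y) for x, y in split_secret(kek, k, n)]
    recovered_kek = combine_shares([decode_share(line) for line in lines[:k]])
    return unwrap_private_key(recovered_kek, blob), lines

if __name__ == "__main__":
    # Constructed placeholder standing in for an exported secret key packet.
    recovered, lines = paper_backup_roundtrip(b"-----BEGIN PGP PRIVATE KEY BLOCK----- (placeholder)")
    print("\n".join(lines), "\nrecovered ok:", recovered.startswith(b"-----BEGIN"))
```

The wrapped blob carries no secret on its own, which is what lets it sit in shared storage; the shares carry no information about the key-encryption key below the threshold, so any k-1 of the paper copies can be lost or stolen without loss or compromise. The checksum is there for usability, not security: a mistyped share otherwise reconstructs a wrong key and the failure only shows up as an authentication error on the blob.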