[Freedombox-discuss] the FreedomBox 'bump' challenge

anarcat anarcat at anarcat.ath.cx
Tue Jun 14 21:58:49 UTC 2011


On Tue, Jun 14, 2011 at 02:49:19PM -0700, Stefano Maffulli wrote:
> On Tue, 2011-06-14 at 15:46 -0400, anarcat wrote:
> > I haven't been able to successfully store and read a complete public key
> > material on a qrcode, so right now only the fingerprint is stored.
> 
> What kind of problems did you have? Is it a matter of space or something
> else?

My attempts at encoding big blobs with the "qrcode" package available
under Debian were unsuccessful. Either I could write the qrcode and not
read it back again, or I could just not write it at all.

> IIRC a vcard can store a complete gpg public key: have you tried
> putting the key there? The advantage of using a vcard is that, once you
> scan the qrcode you can get not just your contact's email and names, but
> also SIP address, web url and other things. Plus you can easily store
> them on the phone's addressbook. 

For me the problem is not a matter of format but of data size.

> > We haven't considered trust in this scenario, since the whole idea was
> > to sign keys. Also, it assumes internet access as it downloads the key,
> > so the web of trust should just propagate through that...
> 
> I think a prototype may assume all of this and we can add more
> functionalities later on. Signing the keys on a mobile phone seems
> complicated though: do people trust putting a signing key on a phone?

Well, you have to trust *something*. I think having a key *just* for the
phone would be reasonable. In my mind, having just the "trust db" in
there is not sufficient, as it's inconvenient to export and share. The
cryptographic signatures are much more reliable and standard. Plus they
can be cryptographically verified, revoked or expired. While a "trust
setting" is much less significant, has no cryptographic backing and
cannot be expired (but it can be revoked).

> > The latest code of monkeysign should be available here:
> > 
> > git://git.monkeysphere.info/monkeysign
> 
> I'm playing with it, thanks.

Patches are obviously welcome. :)

A.

-- 
Nothing incites to money-crimes like great poverty or great wealth.
                        - Mark Twain