[Freedombox-discuss] the FreedomBox 'bump' challenge

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jun 16 14:04:37 UTC 2011


On 06/15/2011 06:50 PM, Stefano Maffulli wrote:
> On Wed, 2011-06-15 at 22:33 +0000, Clint Adams wrote:
>> It has KEY, which is supposed to contain the entire certificate,
>> which is, as other people have said, highly impractical in
>> a QR code.  I don't see anything else relevant.
> 
> Do we need to depend on QR code or can we use another for of wireless
> communication, like bluetooth?

bluetooth, 802.11, and other wireless radio technology is difficult if
not impossible to secure from snooping (unwanted intruders observing the
transaction) and spoofing (unwanted intruders actively modifying the
transaction).

The advantage of line-of-sight camera + QRcode is that it works in a
domain that (most) humans can detect and reason about directly.

I might ask you: "Was there another QRcode directly in front of the
camera when you captured the data?"  You can tell me the answer to that
immediately without even wondering how you know.

How about if i ask you "was there another bluetooth device in range of
your bluetooth receiver during the data exchange?"  Could you answer
that confidently?

	--dkg

PS the "(most)" above made me realize that the technique we're outlining
here won't actually provide secure transfer for the visually-impaired.
Those folks might still need to rely on older mechanisms (e.g. listening
to the friend read the fingerprint and typing it in), or perhaps we
could establish a wired-connection mechanism that functions only over a
point-to-point link that could be physically verified.

I'd be happy to hear suggestions from visually-impaired folks about what
they think might work best for them in this bootstrapping process.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110616/5d0b3017/attachment-0001.pgp>


More information about the Freedombox-discuss mailing list