[Freedombox-discuss] Tap-to-share PGP key exchange
Timur Mehrvarz
timur.mehrvarz at googlemail.com
Tue Oct 4 15:56:00 UTC 2011
On 03.10.2011 11:36, Alex Stapleton wrote:
>
> On 30 Sep 2011, at 23:02, Timur Mehrvarz wrote:
> >
> > 1. click on the received .asc file
> > 2. click on "QR verification" in the "Apply action..." menu
> > 3. click to snap / click to continue to switch around
> > 4. click to continue to switch around / click to snap
> >
> > Or can we do "less"?
>
> On phones with front facing cameras you can do the display QR code and take photo of a QR code step at the same time I expect. Working out which camera is pointed at the intended QR code might be interesting though? Might not be too much of a pain for users to manage that issue themselves with a well placed finger though.
>
> Also instead of making the user click "continue" you could so something totally automatic. e.g. when a valid verification scan is done, the phone can immediately switch to display it's verification code and use it's wireless connection to request that the other phone displays the verification code. Then the human just needs to point cameras in the right direction.
I really wish we could get to a point where we can trust the wireless
connection, reducing the number of steps needed for PGP based
"friedning", making the process more acceptable for 'regular people'.
But for as long as we do not fully trust the wireless connection - which
is why we want to verify the key fingerprints - we cannot use it to
coordinate/automate the verification process. I think.
Timur
More information about the Freedombox-discuss
mailing list