[messaging] OTR pre-verification pinning [was: Fingerprint usability study]

Filippo Valsorda hi at filippo.io
Tue Jun 17 13:36:50 PDT 2014


On 2014-06-17 18:55:15 +0000, Daniel Kahn Gillmor said:

> In the real world, the incentive to accept fakes is slightly different
> than either of the above.  In nearly all scenarios [0] where a
> fingerprint is presented and needs to be confirmed or denied, it is *an
> obstacle in the way of doing what you were trying to do*.
> 
> [...]
> 
> [0] OTR is just about the only exception to this obstacle situation, and
> in practice, many users of OTR simply skip the fingerprint comparison or
> SMP confirmation step entirely (which i think might even be strictly
> worse than accepting an unverified fingerprint once and getting
> TOFU-like alerts upon peer key change).

I wonder if this behavior is spec-dictated. I think that it might make
sense to pin the peer key on first sight and give a warning if a new
one is encountered (and obviously upgrade it to verified once the user
takes that step).

Are there any implementations doing it this way or was this ever
discussed before for OTR?

-- filippo
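The pin-on-first-sight scheme proposed above, as an added illustration that is not part of the original post and not the code of any OTR implementation. It assumes a single pinned fingerprint per peer held in memory, uses SHA-1 over the raw key bytes as a stand-in for OTR's real fingerprint computation, and names its states and methods (`Trust`, `Outcome`, `PinStore`, `observe`, `mark_verified`) purely for this example. The part the post leaves implicit, and the part that matters for defenders, is that a differing key never silently replaces the pin: the user gets a warning if the old pin was only seen, and a stronger alert if it had been verified, and either way an explicit acknowledgement is what re-pins, dropping the verified status.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from enum import Enum


class Trust(Enum):
    UNVERIFIED = "unverified"   # pinned on first sight (trust on first use)
    VERIFIED = "verified"       # user compared the fingerprint or SMP succeeded


class Outcome(Enum):
    PINNED_NEW = "pinned new key"                     # first sight: pin silently
    MATCH = "matches pinned key"                      # nothing to report
    CHANGED_UNVERIFIED = "changed (was unverified)"   # warn, keep old pin
    CHANGED_VERIFIED = "changed (was VERIFIED)"       # stronger alert, keep old pin


def fingerprint(pubkey: bytes) -> str:
    """Hex fingerprint of a peer's long-term public key.

    Assumption for this example: SHA-1 over the raw key bytes stands in for
    OTR's real fingerprint computation over its DSA key encoding.
    """
    return hashlib.sha1(pubkey).hexdigest().upper()


def display(fp: str) -> str:
    """40 hex digits in five groups of eight, the form OTR clients show users."""
    return " ".join(fp[i:i + 8] for i in range(0, len(fp), 8))


def _normalize(user_typed: str) -> bytes:
    """Strip whitespace and case from a fingerprint the user typed or pasted."""
    return "".join(user_typed.split()).upper().encode("utf-8")


@dataclass
class PinStore:
    """One pinned fingerprint per peer plus its trust level (in-memory only)."""
    pins: dict = field(default_factory=dict)   # peer -> (fingerprint, Trust)

    def observe(self, peer: str, pubkey: bytes) -> Outcome:
        """Call whenever a session with `peer` is established using `pubkey`."""
        fp = fingerprint(pubkey)
        entry = self.pins.get(peer)
        if entry is None:
            self.pins[peer] = (fp, Trust.UNVERIFIED)
            return Outcome.PINNED_NEW
        pinned_fp, trust = entry
        if hmac.compare_digest(fp.encode(), pinned_fp.encode()):
            return Outcome.MATCH
        # A differing key never replaces the pin implicitly; the user decides.
        if trust is Trust.VERIFIED:
            return Outcome.CHANGED_VERIFIED
        return Outcome.CHANGED_UNVERIFIED

    def accept_new_key(self, peer: str, pubkey: bytes) -> None:
        """User acknowledged the warning: re-pin, dropping any earlier verification."""
        self.pins[peer] = (fingerprint(pubkey), Trust.UNVERIFIED)

    def mark_verified(self, peer: str, user_typed: str) -> bool:
        """Upgrade to VERIFIED only if the out-of-band fingerprint matches the pin."""
        entry = self.pins.get(peer)
        if entry is None:
            return False
        pinned_fp, _ = entry
        if not hmac.compare_digest(_normalize(user_typed), pinned_fp.encode()):
            return False
        self.pins[peer] = (pinned_fp, Trust.VERIFIED)
        return True

    def trust_of(self, peer: str):
        entry = self.pins.get(peer)
        return entry[1] if entry else None


if __name__ == "__main__":
    store = PinStore()
    # Constructed sample keys; any distinct byte strings will do here.
    key1, key2 = b"constructed-peer-key-1", b"constructed-peer-key-2"
    print(store.observe("alice", key1).value, display(fingerprint(key1)))
    print(store.observe("alice", key2).value)                         # warning
    print(store.mark_verified("alice", display(fingerprint(key1))))   # True
    print(store.observe("alice", key2).value)                         # stronger alert
```

The `hmac.compare_digest` calls keep fingerprint comparison constant-time, which costs nothing here and avoids leaking how many leading digits of a typed fingerprint matched.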
