[messaging] The Simple Thing
mwfarb at cmu.edu
Mon Oct 6 06:40:22 PDT 2014
On Oct 5, 2014, at 3:42 PM, Ben Laurie <ben at links.org> wrote:
> On 5 October 2014 20:22, Trevor Perrin <trevp at trevp.net> wrote:
>> On Sat, Oct 4, 2014 at 3:26 AM, Ben Laurie <ben at links.org> wrote:
>>> On 3 October 2014 22:35, Joseph Bonneau <jbonneau at gmail.com> wrote:The Simple Thing
>>> If there's this magical non-MITMable out-of-band channel, why is Alice not
>>> using it to send the message to Bob in the first place?
>> Well, think of dealing with fingerprints via scanning a QR code
>> (TextSecure), SafeSlinger, tapping NFC phones together, reading a
>> small hex string, etc.
>> Of course, it's inconvenient for every pair of Alice and Bob to do this.
> Precisely. OK, I get that being able to, for example, verify keys when
> I physically meet someone is helpful, its the exception rather than
> the rule - even for someone like me who understands what verification
> is and what it is for.
> In practice, I think the only currently verified key for TextSecure I
> have is for my wife. And that's possible because we live in the same
>> So it's nice to have 3rd-parties that Alice can confirm Bob's key
>> with. CT is one way to do this, but there are others (e.g. Alice
>> could query monitors directly, instead of using gossip + proofs).
> I am objecting to the idea that there are OOB channels available to
> most people, rather than the idea that verification is a good thing.
Indeed. SafeSlinger, QR codes, NFC are all "opportunistic verification". To be the most useful, they should be applied to use cases where real-time OOB interaction does not inconvenience the user: co-located physical meetings, and for SafeSlinger the addition of phone calls or video chat. One of our main goals in SafeSlinger is provide better opportunities for OOB channels, which makes it available to anyone with a telephone and a smartphone currently with the potential for desktops later.
> Messaging mailing list
> Messaging at moderncrypto.org
Michael W. Farb
Research Programmer, Carnegie Mellon University CyLab
M 412-965-4725 - www.cylab.cmu.edu/safeslinger
More information about the Messaging