[messaging] Useability of public-key fingerprints

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Jan 31 12:29:03 PST 2014

On 01/31/2014 02:50 PM, John-Mark Gurney wrote:
> If you have a high bandwidth interactive channel, why not do a DH key
> exchange, and then use a short hash (pin) to validate the DH key
> exchange..  Once you have validated the DH key exchange, you can pass
> any data over the channel...

This is the essence of what SAS (see other thread on "Short Auth
Strings") does, right?  Do you see any specific differences between the
SAS approach and what you describe?

What do you think about the downsides of the SAS approach trevor
mentioned in the first message in that thread?

I think avoiding the extra step of human confirmation can be an advantage.

Presented with a prompt that says "is 10352 the correct PIN?", users
will most likely read "Yes" as either "get on with it already" and "No"
as "argh why are you getting in my way?"  Even for users who are more
vigilant, once the user has transferred a dozen files this way, and
never gotten a bad PIN, will they be inclined to relax their vigilance
on subsequent checks?

Done the other way around, with a cryptographically-strong initial
peering that is clearly tamper-evident, the user has less of an
opportunity to exercise laziness.
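The exchange John-Mark describes (a DH key agreement followed by a short PIN that both ends compare) as an added worked example; this is illustration code written for this page, not code from the thread or from any project discussed in it. It assumes a finite-field DH over the prime 2**255 - 19 with generator 2 purely to stay self-contained (a deployment would use a standardised group such as X25519 or an RFC 3526 MODP group), and it derives the PIN from the whole transcript (both public values plus the shared secret) rather than from the secret alone, which is the usual SAS construction. The second scenario shows what the human check is there to catch: when an interposed party substitutes its own public value towards both sides, each side still derives a perfectly usable key, but the PINs the two users read to each other disagree.

```python
import hashlib
import secrets

# Demonstration group only (assumption for this example): prime 2**255 - 19,
# generator 2.  Real systems use a standardised group; this one just keeps
# the example free of third-party dependencies.
P = 2**255 - 19
G = 2
SAS_DIGITS = 5  # a PIN of the "10352" shape mentioned in the reply


def dh_keypair(priv=None):
    """Return (private, public) for finite-field DH in the demo group.
    A fixed `priv` is accepted so runs can be reproduced; normal use leaves
    it None and draws from the OS CSPRNG."""
    if priv is None:
        priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared(priv, peer_pub):
    """Compute the shared secret, rejecting the trivial values 0, 1 and P-1
    that would pin the result to a subgroup of order 1 or 2."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_pub, priv, P)


def short_auth_string(pub_a, pub_b, shared):
    """Derive the short PIN from the transcript.  Both public values are
    included in a canonical order so either end computes the same string,
    and so the PIN commits to what was actually exchanged."""
    lo, hi = sorted((pub_a, pub_b))
    h = hashlib.sha256()
    for v in (lo, hi, shared):
        h.update(v.to_bytes(32, "big"))  # every value is < 2**255
    n = int.from_bytes(h.digest()[:4], "big") % 10**SAS_DIGITS
    return f"{n:0{SAS_DIGITS}d}"


def honest_exchange(priv_a=None, priv_b=None):
    """Alice and Bob talk directly: both compute the same PIN."""
    a_priv, a_pub = dh_keypair(priv_a)
    b_priv, b_pub = dh_keypair(priv_b)
    sas_a = short_auth_string(a_pub, b_pub, dh_shared(a_priv, b_pub))
    sas_b = short_auth_string(a_pub, b_pub, dh_shared(b_priv, a_pub))
    return sas_a, sas_b


def intercepted_exchange(priv_a=None, priv_b=None, priv_m=None):
    """An interposed party M runs one DH session with each side.  Alice's
    and Bob's PINs are computed over different transcripts, so a careful
    comparison reveals the interposition; a reflexive "Yes" does not."""
    a_priv, a_pub = dh_keypair(priv_a)
    b_priv, b_pub = dh_keypair(priv_b)
    m_priv, m_pub = dh_keypair(priv_m)
    sas_a = short_auth_string(a_pub, m_pub, dh_shared(a_priv, m_pub))
    sas_b = short_auth_string(m_pub, b_pub, dh_shared(b_priv, m_pub))
    return sas_a, sas_b


if __name__ == "__main__":
    print("direct:      ", honest_exchange())
    print("interposed:  ", intercepted_exchange())
```

The only thing standing between the interposed run and a silently compromised channel is a human reading two five-digit numbers across the channel and answering honestly, which is exactly the step the reply above argues users will learn to click through.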

