[messaging] Are we pursuing real solutions for security?

Tony Arcieri bascule at gmail.com
Tue Mar 11 03:33:02 PDT 2014

I feel like solutions that rely on manual verification of key fingerprints
fall into this category:


I don't think these solutions are providing effective security. I feel we
need to start from the real needs of real users, and work backwards.

One can propose a study for optimum time-based fingerprint verification and
study fingerprint accuracy, but are fingerprints even a good idea? I feel
that's where you need to start with any sort of usability study.

Cryptocat's usability studies are addressing this problem. Short
Authentication Strings are addressing this problem. Solutions for optimal
fingerprint comparison accuracy, IMO, are ignoring the problem, and
studying the wrong solution.


Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140311/b87d32f2/attachment.html>

More information about the Messaging mailing list