[messaging] OTR pre-verification pinning [was: Fingerprint usability study]
Filippo Valsorda
hi at filippo.io
Tue Jun 17 13:36:50 PDT 2014
On 2014-06-17 18:55:15 +0000, Daniel Kahn Gillmor said:
> In the real world, the incentive to accept fakes is slightly different
> than either of the above. In nearly all scenarios [0] where a
> fingerprint is presented and needs to be confirmed or denied, it is *an
> obstacle in the way of doing what you were trying to do*.
>
> [...]
>
> [0] OTR is just about the only exception to this obstacle situation, and
> in practice, many users of OTR simply skip the fingerprint comparison or
> SMP confirmation step entirely (which i think might even be strictly
> worse than accepting an unverified fingerprint once and getting
> TOFU-like alerts upon peer key change).
I wonder if this behavior is spec-dictated. I think that it might make
sense to pin the peer key on first sight and give a warning if a new
one is encountered (and obviously upgrade it to verified once the user
takes that step).
Are there any implementations doing it this way or was this ever
discussed before for OTR?
-- filippo
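The pinning model Filippo sketches above (pin on first sight, warn on change, upgrade to verified once the user compares fingerprints or completes SMP) is small enough to write out. The following is an added example, not code from this thread or from any OTR client; account names and fingerprint values are constructed, and the 40-hex-digit check reflects OTR's SHA-1 fingerprint of the peer's DSA key.

```python
"""Trust-on-first-use (TOFU) pinning for OTR peer fingerprints.

Added example, not code from the messaging list thread or from any OTR
client. Account names and fingerprints are constructed sample values;
OTR fingerprints are 40 hex digits (SHA-1 of the peer's DSA public key).
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Trust(Enum):
    UNVERIFIED = "unverified"  # pinned on first sight, not yet confirmed by the user
    VERIFIED = "verified"      # confirmed by manual comparison or SMP


class Outcome(Enum):
    FIRST_SEEN = "first_seen"  # no pin yet: pin now, no warning
    MATCH = "match"            # presented fingerprint equals the pin
    CHANGED = "changed"        # presented fingerprint differs from the pin: warn


def normalize(fingerprint: str) -> str:
    """Canonical form: strip the spaces clients insert for display, upper-case hex."""
    fp = fingerprint.replace(" ", "").upper()
    if len(fp) != 40 or any(c not in "0123456789ABCDEF" for c in fp):
        raise ValueError("OTR fingerprint must be 40 hex digits")
    return fp


@dataclass
class PinStore:
    # (local account, peer) -> (pinned fingerprint, trust level)
    pins: Dict[Tuple[str, str], Tuple[str, Trust]] = field(default_factory=dict)

    def observe(self, account: str, peer: str, fingerprint: str) -> Outcome:
        """Called when a session with `peer` is established using `fingerprint`."""
        key, fp = (account, peer), normalize(fingerprint)
        if key not in self.pins:
            self.pins[key] = (fp, Trust.UNVERIFIED)  # first sight: pin silently
            return Outcome.FIRST_SEEN
        return Outcome.MATCH if self.pins[key][0] == fp else Outcome.CHANGED

    def trust_of(self, account: str, peer: str) -> Optional[Trust]:
        entry = self.pins.get((account, peer))
        return entry[1] if entry else None

    def mark_verified(self, account: str, peer: str, fingerprint: str) -> bool:
        """User confirmed the fingerprint (manual comparison or SMP succeeded).
        Upgrades the existing pin; refuses if the confirmed value is not the pinned one."""
        key, fp = (account, peer), normalize(fingerprint)
        entry = self.pins.get(key)
        if entry is None or entry[0] != fp:
            return False
        self.pins[key] = (fp, Trust.VERIFIED)
        return True

    def accept_new_key(self, account: str, peer: str, fingerprint: str) -> None:
        """User explicitly accepted a changed key: replace the pin, back to unverified."""
        self.pins[(account, peer)] = (normalize(fingerprint), Trust.UNVERIFIED)


def warning_for(store: PinStore, account: str, peer: str, outcome: Outcome) -> str:
    """Text a client would show; a change on a VERIFIED pin is the serious case."""
    trust = store.trust_of(account, peer)
    level = trust.value if trust else "unknown"
    if outcome is Outcome.FIRST_SEEN:
        return f"{peer}: new contact, fingerprint pinned (unverified)"
    if outcome is Outcome.MATCH:
        return f"{peer}: fingerprint matches pin ({level})"
    if trust is Trust.VERIFIED:
        return f"{peer}: KEY CHANGED for a VERIFIED contact; possible impersonation"
    return f"{peer}: key changed for an unverified contact; re-check before trusting"


# Constructed sample fingerprints (40 hex digits, shown with display spacing).
FP_A = "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"
FP_B = "FEDC BA98 7654 3210 FEDC BA98 7654 3210 FEDC BA98"


def demo() -> List[str]:
    """Walk one peer through first sight, a matching session, verification,
    and then a key change; returns the warnings the client would display."""
    store = PinStore()
    me, bob = "alice@example.org", "bob@example.org"
    log = []
    for fp in (FP_A, FP_A.lower()):           # first sight, then same key again
        log.append(warning_for(store, me, bob, store.observe(me, bob, fp)))
    store.mark_verified(me, bob, FP_A)        # user compared fingerprints / ran SMP
    log.append(warning_for(store, me, bob, store.observe(me, bob, FP_B)))
    return log


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The point of keeping two trust levels rather than a single "known" flag is that a key change against a verified pin deserves a much louder warning than one against a fingerprint the user never checked, which is what makes the pin-first, verify-later flow strictly more informative than skipping verification outright.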