[messaging] Audible public-key fingerprints

Andy Isaacson adi at hexapodia.org
Sun Aug 17 10:30:17 PDT 2014


On Sun, Aug 17, 2014 at 06:52:21PM +0200, Mike Hearn wrote:
> > The user-comprehensibility of one device singing a key to another device
> > is somewhat compelling.
> 
> I'd say it's maybe the opposite - if you're exposing the notion of a key
> you already lost the user comprehension war.

Of course it depends on your targeted userbase, but that seems obviously
untrue for "most interested users".  Humans understand secrets, and the
idea of an identity poem isn't impossible to comprehend.  Casting things
in more human accessible terms might even help with comprehension, cf

https://freedom-to-tinker.com/blog/randomwalker/why-king-george-iii-can-encrypt/

> The nice thing about BT is it
> can be completely passive. Did you have a nice conversation with some
> stranger this afternoon? No worries, this evening you can send them an
> encrypted message: your phone already has their first name + photo in the
> "recent encounters" screen and you can just go ahead and start chatting.

Again of course it depends on userbase, but I don't think building a
comprehensive permanent database of every ephemeral contact is a good
strategy!  Certainly most of my
nontechnical-but-concerned-about-security user encounters have indicated
that they wish their digital devices gathered *less* information about
their life rather than more.

-andy

