[Freedombox-discuss] the FreedomBox 'bump' challenge

Subject: [Freedombox-discuss] the FreedomBox 'bump' challenge
From: anarcat@anarcat.ath.cx (anarcat)
Date: Tue, 14 Jun 2011 15:46:44 -0400
Message-id: <[🔎] 20110614194644.GU4215@anarcat.ath.cx>
In-reply-to: <[🔎] 20110614191659.GA17383@scru.org>
References: <[🔎] 1308025810.1992.128.camel@biancone> <[🔎] 20110614191659.GA17383@scru.org>

On Tue, Jun 14, 2011 at 07:16:59PM +0000, Clint Adams wrote:
> On Mon, Jun 13, 2011 at 09:30:10PM -0700, Stefano Maffulli wrote:
> > One possible scenario is the following: User Jane meets her friend Ken,
> > they 'bump' their phones and by doing so they exchange not only their
> > private information (vcard, GPG keys) but also establish a high degree
> > of digital identity trust. The updated status of 'trust' can be then
> > transmitted back from the phone to their respective FreedomBoxes,
> > securing future communication between Jane and Ken.
> 
> I wonder if there is any monkeysign code which can be adapted for
> this.

What monkeysign currently does is to display a qrcode representing your
PGP fingerprint, then it also tries to read the other's fingerprint. The
it should try to go through a key signature protocol the usual way,
although that part still has to be implemented, IIRC.

I haven't been able to successfully store and read a complete public key
material on a qrcode, so right now only the fingerprint is stored.

We haven't considered trust in this scenario, since the whole idea was
to sign keys. Also, it assumes internet access as it downloads the key,
so the web of trust should just propagate through that...

The big advantage of qrcodes is that they provide visual feedback to the
user of what's going on and seems to be a fairly secure transport (I
haven't heard of any valid objection to line of sight communications
like this), whereas bluetooth, infrared and wifi can be cracked,
especially if there's no prior shared secrets...

The latest code of monkeysign should be available here:

git://git.monkeysphere.info/monkeysign

A.

-- 
Conformity-the natural instinct to passively yield to that vague something
recognized as authority.
                        - Mark Twain
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110614/2e38b1b3/attachment-0001.pgp>

Reply to:

Follow-Ups:
- [Freedombox-discuss] the FreedomBox 'bump' challenge
  - From: stefano@maffulli.net (Stefano Maffulli)

References:
- [Freedombox-discuss] the FreedomBox 'bump' challenge
  - From: stefano@maffulli.net (Stefano Maffulli)
- [Freedombox-discuss] the FreedomBox 'bump' challenge
  - From: clint@debian.org (Clint Adams)

Prev by Date: [Freedombox-discuss] the FreedomBox 'bump' challenge
Next by Date: [Freedombox-discuss] the FreedomBox 'bump' challenge
Previous by thread: [Freedombox-discuss] the FreedomBox 'bump' challenge
Next by thread: [Freedombox-discuss] the FreedomBox 'bump' challenge
Index(es):
- Date
- Thread