[FEATURE REQ, RFC], improving ergonomic HMI fingerprint cross verification

David Shaw dshaw at jabberwocky.com
Fri Jul 16 17:52:49 CEST 2004

On Fri, Jul 16, 2004 at 05:30:45PM +0200, Thomas Schorpp wrote:
> hello @all,
> since its little hard to cross-verify fingerprints on websites and
> especially over telephone calls with human voice conversation due to
> the long hexidecimal printouts of gpg --fingerprint, this could be a
> significant issue to the whole openpgp trust verification system
> impliing failure on human error.
> in short: its good reason therefore to have the old pgp way of
> option to print out the fingerprint the "military style",
> eg. "alpha, delta" easier and more securely human processable
> substitutes for "0abc, cd ef" in gnupg, kgpg and enigmail, maybe
> interesting for the ägypten projects too.

The problem with this sort of thing is translation.  I don't know what
"Alpha Bravo Charlie Delta Echo Foxtrot" would be in other languages,
or even if it would be pronounced the same way.  Still, this is an ITU
standard, so perhaps it would be familiar enough.

http://www.columbia.edu/~fuat/cuarc/phonetic.html has a lot of
phonetic alphabets.

Incidentally, PGP has what their marketing calls "biometric"
fingerprints.  This is just a word list so people don't have to read
out the hex fingerprint.  For example, my key fingerprint is:

    7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560

But in "biometric" form, it is:

    klaxon         misnomer       willow         company
    cleanup        potato         upset          hurricane
    drainage       resistor       python         outfielder
    suspense       guitarist      optic          hideaway
    prowler        Capricorn      bombast        fortitude

This would be a really big problem for translators.


More information about the Gnupg-devel mailing list