[FEATURE REQ, RFC],
improving ergonomic HMI fingerprint cross verification
David Shaw
dshaw at jabberwocky.com
Fri Jul 16 17:52:49 CEST 2004
On Fri, Jul 16, 2004 at 05:30:45PM +0200, Thomas Schorpp wrote:
> hello @all,
>
> since its little hard to cross-verify fingerprints on websites and
> especially over telephone calls with human voice conversation due to
> the long hexidecimal printouts of gpg --fingerprint, this could be a
> significant issue to the whole openpgp trust verification system
> impliing failure on human error.
>
> in short: its good reason therefore to have the old pgp way of
> option to print out the fingerprint the "military style",
> eg. "alpha, delta" easier and more securely human processable
> substitutes for "0abc, cd ef" in gnupg, kgpg and enigmail, maybe
> interesting for the ägypten projects too.
The problem with this sort of thing is translation. I don't know what
"Alpha Bravo Charlie Delta Echo Foxtrot" would be in other languages,
or even if it would be pronounced the same way. Still, this is an ITU
standard, so perhaps it would be familiar enough.
http://www.columbia.edu/~fuat/cuarc/phonetic.html has a lot of
phonetic alphabets.
Incidentally, PGP has what their marketing calls "biometric"
fingerprints. This is just a word list so people don't have to read
out the hex fingerprint. For example, my key fingerprint is:
7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
But in "biometric" form, it is:
klaxon misnomer willow company
cleanup potato upset hurricane
drainage resistor python outfielder
suspense guitarist optic hideaway
prowler Capricorn bombast fortitude
This would be a really big problem for translators.
David
More information about the Gnupg-devel
mailing list