[FEATURE REQ, RFC], improving ergonomic HMI fingerprint cross
t.schorpp at gmx.de
Fri Jul 16 18:58:28 CEST 2004
David Shaw wrote:
| On Fri, Jul 16, 2004 at 05:30:45PM +0200, Thomas Schorpp wrote:
|>since it's a little hard to cross-verify fingerprints on websites and
|>especially over telephone calls with human voice conversation due to
|>the long hexadecimal printouts of gpg --fingerprint, this could be a
|>significant issue to the whole openpgp trust verification system
|>implying failure on human error.
|>in short: it's good reason therefore to have the old pgp way of
|>option to print out the fingerprint the "military style",
|>eg. "alpha, delta" easier and more securely human processable
|>substitutes for "0abc, cd ef" in gnupg, kgpg and enigmail, maybe
|>interesting for the ägypten projects too.
| The problem with this sort of thing is translation. I don't know what
| "Alpha Bravo Charlie Delta Echo Foxtrot" would be in other languages,
| or even if it would be pronounced the same way. Still, this is an ITU
| standard, so perhaps it would be familiar enough.
| http://www.columbia.edu/~fuat/cuarc/phonetic.html has a lot of
| phonetic alphabets.
| Incidentally, PGP has what their marketing calls "biometric"
| fingerprints. This is just a word list so people don't have to read
| out the hex fingerprint. For example, my key fingerprint is:
| 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
| But in "biometric" form, it is:
| klaxon misnomer willow company
| cleanup potato upset hurricane
| drainage resistor python outfielder
| suspense guitarist optic hideaway
| prowler Capricorn bombast fortitude
| This would be a really big problem for translators.
yes, agreed, additional comms translation stages, especially human
language trans, must be out then, cos it'll imply errors and endanger the
system, too risky.
and since the most people due to my surveys got most problems using
cryptographic systems apps and only few problems communicating a little
set of english words correctly, a us-english default for this held out
of gnupg's localisation translations should be acceptable(?).
security: the process of this fingerprint translation should be done
only within gnupg's secure core, respectively, kgpg, etc, should only
display the result.
are there any security analyses done about that "biometric trans" so far?
law question: will i violate nai's and patents rights in implementing
this or other usable "biometric form" in gnupg?
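
Added example, not part of the original message and not GnuPG code: a sketch of the hex-to-spoken-word rendering requested in the thread, with the reverse mapping so the listener can check what was read aloud against a locally computed fingerprint. The word table (English digits plus Alpha to Foxtrot) and all function names are assumptions; the sample fingerprint in the comment is the one quoted in the message.

```python
# Spoken words for the 16 hex digits: plain English digits plus the first six
# letters of the phonetic alphabet quoted in the thread (word choice assumed).
WORDS = ["zero", "one", "two", "three", "four", "five", "six", "seven",
         "eight", "nine", "alpha", "bravo", "charlie", "delta", "echo", "foxtrot"]
DIGIT = {w: format(i, "X") for i, w in enumerate(WORDS)}


def normalize(fpr):
    """Strip whitespace and colons, upper-case, and require 40 hex digits."""
    h = "".join(fpr.split()).replace(":", "").upper()
    if len(h) != 40 or any(c not in "0123456789ABCDEF" for c in h):
        raise ValueError("not a 40-digit hex fingerprint")
    return h


def to_spoken(fpr):
    """Return ten lines of four words, one line per 4-digit group."""
    h = normalize(fpr)
    return [" ".join(WORDS[int(c, 16)] for c in h[i:i + 4])
            for i in range(0, 40, 4)]


def from_spoken(lines):
    """Map words heard on the phone back to hex; unknown words are rejected
    instead of guessed, so a misheard word cannot silently become a digit."""
    out = []
    for word in " ".join(lines).replace(",", " ").lower().split():
        if word not in DIGIT:
            raise ValueError("unrecognised word: %r" % word)
        out.append(DIGIT[word])
    return normalize("".join(out))


def verify(local_fpr, heard_lines):
    """Compare the local fingerprint with what was read aloud.
    Returns (match, groups): groups lists the 1-based 4-digit groups that differ."""
    local, heard = normalize(local_fpr), from_spoken(heard_lines)
    bad = [i // 4 + 1 for i in range(0, 40, 4) if local[i:i + 4] != heard[i:i + 4]]
    return not bad, bad


if __name__ == "__main__":
    # Fingerprint quoted in the message above.
    for line in to_spoken("7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560"):
        print(line)
```

The comparison always runs against the fingerprint computed locally from the key, never against hex typed in by the user from the other party's dictation.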