On 06/23/2011 07:58 PM, Erik Harmon wrote:
> Why not just generate an ephemeral 256-bit AES key, encode that as a qr
> code, then the freedombox owner transmits their ip address and entire PK
> including sigs using that key?

We need to move away from thinking of an IP address as any sort of permanent or identifiable resource, so i don't think that necessarily belongs in the information we're talking about here, unless we're talking about an acknowledged-to-be-volatile address.

> Via bluetooth, nfc, wifi, or whatever. The qr
> code becomes of reasonable size, there's very low chance of interception,
> and then you can transmit as much as you want right then and there.

this works assuming both parties have the same set of bluetooth, nfc, wifi, or whatever technologies available at the same time.

In my e-mail to this list on 2011-06-14, you'll note that i suggested the same thing:

on 2011-06-14, in Message-ID: <[email protected]>, dkg wrote:
>> If you want to avoid snooping as well as spoofing, you could transmit a
>> session nonce within the QR code, and broadcast the key encrypted with
>> the session nonce.

However, I don't think this absolves the handshake of the need to transmit the public key fingerprint in *addition* to the ephemeral AES key (which i called more generically the "session nonce") in the QRCode. Getting the fingerprint via a non-spoofable channel (the line-of-sight QRcode) is a critical double-check that the information received via spoofable means (wifi, bluetooth, etc) is actually the data from the intended sender.

for a concrete example: let's say Alice shows Bob a QRCode which just contains the ephemeral AES key. If Mallory can sneak a peek at the QRCode, she can broadcast (via the same means as Alice) any arbitrary information, encrypted with that same session key. But if Alice's QRCode shows both a session key and her fingerprint, then any faulty information provided by Mallory will be flagged immediately by Bob's client as invalid, because the fingerprint does not match.

In this case, Mallory can still snoop on the transaction (because she caught a glimpse of the QRCode) but she can't reliably inject malicious content; Bob's client is protected from malicious content because it discards anything that does not match the message digest (the fingerprint).

Regards,

--dkg
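The receiver-side check described in the message above, as an added example that is not part of the original e-mail or of any FreedomBox code. Assumptions: SHA-256 over the raw key bytes stands in for the OpenPGP fingerprint, HMAC-SHA256 under the session key stands in for the AES encryption (either way, anyone who saw the QR code can produce a valid message), and all function names and key bytes are constructed.

```python
import hashlib
import hmac
import secrets

ALICE_KEY = b"constructed-alice-public-key"      # constructed sample data
MALLORY_KEY = b"constructed-mallory-public-key"  # constructed sample data

def fingerprint(pubkey):
    # Assumption: SHA-256 of the key bytes, standing in for an OpenPGP fingerprint.
    return hashlib.sha256(pubkey).hexdigest()

def make_qr_payload(session_key, pubkey):
    # What Alice shows line-of-sight: session key plus her key's fingerprint.
    return session_key.hex() + ":" + fingerprint(pubkey)

def broadcast(session_key, pubkey):
    # Message sent over the spoofable channel (wifi, bluetooth, ...).
    tag = hmac.new(session_key, pubkey, hashlib.sha256).digest()
    return pubkey, tag

def receive(qr_payload, message, check_fingerprint=True):
    # Bob's client: returns the accepted key, or None if the message is discarded.
    key_hex, expected_fpr = qr_payload.split(":")
    session_key = bytes.fromhex(key_hex)
    pubkey, tag = message
    expected_tag = hmac.new(session_key, pubkey, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return None  # sender did not know the session key
    if check_fingerprint and not hmac.compare_digest(fingerprint(pubkey), expected_fpr):
        return None  # sender knew the session key but is not the key shown in the QR code
    return pubkey

def demo():
    session_key = secrets.token_bytes(32)  # ephemeral 256-bit key
    qr = make_qr_payload(session_key, ALICE_KEY)
    # Mallory glimpsed the QR code, so she holds session_key too.
    forged = broadcast(session_key, MALLORY_KEY)
    genuine = broadcast(session_key, ALICE_KEY)
    outsider = broadcast(secrets.token_bytes(32), MALLORY_KEY)
    return {
        "session_key_only_accepts_forgery": receive(qr, forged, check_fingerprint=False) == MALLORY_KEY,
        "fingerprint_rejects_forgery": receive(qr, forged) is None,
        "fingerprint_accepts_alice": receive(qr, genuine) == ALICE_KEY,
        "outsider_rejected": receive(qr, outsider) is None,
    }

if __name__ == "__main__":
    print(demo())
```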
