On 1/29/14, Moxie Marlinspike <[email protected]> wrote: > Subsequent questions tend to include things like "wait, what's the > difference between a key and a fingerprint?" There's no great reason a > person who wants to send messages should need to know that.
The difference is that you can encrypt messages to a key offline, but you need to be connected to the Internet (and to a working directory server of some sort) in order to encrypt messages to a fingerprint. > My intuition is that we just shouldn't be showing the user a fingerprint > at all if even remotely possible (TOFU). If it's necessary to display a > real fingerprint at some point, the user isn't going to have any idea > what's going on, so it probably doesn't matter whether it's a set of > gibberish words, a hex string, or b32 character string. That's another of Ross Anderson's usability lessons: if you want the user to check a fingerprint, make the user type it in and have the software compare it. (And in that case, it may as well be a key or password of some sort, especially with ECC.) Robert Ransom _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
