> they are not necessary for the most part.
>
> Sorry, that wasn't very accurate or clear. I meant to say something along the
> lines of "it's not necessary to have to check them if you use the blockchain."
>
> --
> Please do not email me anything that you are not comfortable also sharing
> with the NSA.
>
> On Mar 11, 2014, at 7:34 PM, Tao Effect <[email protected]> wrote:
>
> Hi Tony,
>
> but are fingerprints even a good idea?
>
> I don't think so, and they are not necessary for the most part.
>
> I'm working on a way to bring down the number of fingerprint checks to zero
> (for most people), and one (for those who can understand the concept).
>
> This is accomplished by using blockchains to distribute public key
> fingerprints.
>
> There is a working implementation of this called DNSChain (one of the
> projects that I'm working on):
>
> http://github.com/okTurtles/dnschain
>
> DNSChain makes it possible to check a fingerprint (for the DNSChain server)
> once, and from then on never worry about it again.
>
> One of the goals of DNSChain is to secure TLS from MITM attacks, and thereby
> secure HTTPS (and all other protocols that depend on TLS) from such attacks.
> Simultaneously, it greatly simplifies network security for end-users.
>
> Details are on the GitHub and this blog post:
>
> http://blog.okturtles.com/2014/02/introducing-the-dotdns-metatld/
>
> Cheers,
> Greg
>
>
> --
> Please do not email me anything that you are not comfortable also sharing
> with the NSA.
>
> On Mar 11, 2014, at 6:33 AM, Tony Arcieri <[email protected]> wrote:
>
> I feel like solutions that rely on manual verification of key fingerprints
> fall into this category:
>
> http://i.imgur.com/2bEWKNS.png
>
> I don't think these solutions are providing effective security. I feel we
> need to start from the real needs of real users, and work backwards.
>
> One can propose a study for optimum time-based fingerprint verification and
> study fingerprint accuracy, but are fingerprints even a good idea? I feel
> that's where you need to start with any sort of usability study.
>
> Cryptocat's usability studies are addressing this problem. Short
> Authentication Strings are addressing this problem. Solutions for optimal
> fingerprint comparison accuracy, IMO, are ignoring the problem, and studying
> the wrong solution.
>
> Thoughts?
>
> --
> Tony Arcieri
> _______________________________________________
> Messaging mailing list
> [email protected]
> https://moderncrypto.org/mailman/listinfo/messaging
