On 06/16/2014 09:59 AM, David Leon Gil wrote: > *Factor C.* Psychological incentive to accept fakes: > > 1. None > 2. Game-like (e.g., performance compensation + directive to answer as quickly > as possible) > 3. Realistic pressure (e.g., pressure to please experimenter)
In the real world, the incentive to accept fakes is slightly different
than either of the above. In nearly all scenarios [0] where a
fingerprint is presented and needs to be confirmed or denied, it is *an
obstacle in the way of doing what you were trying to do*.
That is, if you say "this doesn't match", then you don't get to talk to
the other person, or you don't get to visit the web site, or you don't
get to log into the server.
I'm not sure how you'd model this incentive properly in an experiment.
--dkg
[0] OTR is just about the only exception to this obstacle situation, and
in practice, many users of OTR simply skip the fingerprint comparison or
SMP confirmation step entirely (which i think might even be strictly
worse than accepting an unverified fingerprint once and getting
TOFU-like alerts upon peer key change).
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
