On 2013-09-01 13:02:26 +1000 (+1000), James A. Donald wrote:
> On 2013-09-01 11:16 AM, Jeremy Stanley wrote:
> [...]
> > bring business cards (or even just slips of paper) with our name,
> > E-mail address and 160-bit key fingerprint.
> [...]
>
> The average user is disturbed by the sight of a 160 bit hash.
[...]

Perry was recounting a specific anecdote of meeting others at conferences (well, in bars after hours at conferences) and needing to exchange contact info spontaneously in person with an expectation of being able to securely communicate later. His implication was that this is an unsolved problem, and I was merely pointing out that an already-existing culture of non-trivial size has been doing precisely this on a regular basis for years. Perhaps the academic conference and free software conference worlds are so far apart as to make this a poor comparison after all, but it seemed a relevant data point.

The "average" user is going to have bigger problems... glancing at a sequence of 40 hex digits to compare them to the fingerprint GnuPG gives them for your public key they just pulled from a keyserver is merely the tip of a much bigger key vetting and signing iceberg, but the in-person introduction piece is not that hard with a little bit of preparation (I've gotten in the habit of carrying key fingerprint cards in my wallet everywhere I go).

-- 
{ PGP( 48F9961143495829 ); FINGER( fu...@cthulhu.yuggoth.org );
WWW( http://fungi.yuggoth.org/ ); IRC( fu...@irc.yuggoth.org#ccl );
WHOIS( STANL3-ARIN ); MUD( kin...@katarsis.mudpy.org:6669 ); }
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography