On Tue, 2011-06-14 at 15:46 -0400, anarcat wrote: > What monkeysign currently does is to display a qrcode representing your > PGP fingerprint, then it also tries to read the other's fingerprint. The > it should try to go through a key signature protocol the usual way, > although that part still has to be implemented, IIRC.
awesome! this sounds very close to the idea I described. > I haven't been able to successfully store and read a complete public key > material on a qrcode, so right now only the fingerprint is stored. What kind of problems did you have? Is it a matter of space or something else? IIRC a vcard can store a complete gpg public key: have you tried putting the key there? The advantage of using a vcard is that, once you scan the qrcode you can get not just your contact's email and names, but also SIP address, web url and other things. Plus you can easily store them on the phone's addressbook. > We haven't considered trust in this scenario, since the whole idea was > to sign keys. Also, it assumes internet access as it downloads the key, > so the web of trust should just propagate through that... I think a prototype may assume all of this and we can add more functionalities later on. Signing the keys on a mobile phone seems complicated though: do people trust putting a signing key on a phone? > The latest code of monkeysign should be available here: > > git://git.monkeysphere.info/monkeysign I'm playing with it, thanks. /stef _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
