I feel like solutions that rely on manual verification of key fingerprints fall into this category:
http://i.imgur.com/2bEWKNS.png I don't think these solutions are providing effective security. I feel we need to start from the real needs of real users, and work backwards. One can propose a study for optimum time-based fingerprint verification and study fingerprint accuracy, but are fingerprints even a good idea? I feel that's where you need to start with any sort of usability study. Cryptocat's usability studies are addressing this problem. Short Authentication Strings are addressing this problem. Solutions for optimal fingerprint comparison accuracy, IMO, are ignoring the problem, and studying the wrong solution. Thoughts? -- Tony Arcieri
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
