On 02/01/15 20:44, Trevor Perrin wrote:
> On Fri, Jan 2, 2015 at 1:35 AM, Michael Rogers
> <[email protected]> wrote:
>>
>> * The existing device introduces the new device to the user's
>> other devices (if any) and the user's contacts' devices. This
>> involves brokering a key exchange between each pair of devices to
>> set up an encrypted and authenticated link.
>
> That's a reasonable addition.
>
> Without a single "master" or "identity" key though, I'm not sure
> how TOFU or out-of-band verification (like "fingerprints") would
> work.
>
> For example, suppose I wanted to print something on my business
> card that was sufficient for someone to send a message that all my
> devices can decrypt.
>
> That's possible with a single master key, or with signatures,
> since someone could look up my public key from the fingerprint and
> perhaps signatures from that key over device-specific keys.
>
> But it doesn't seem possible with this new proposal, since it
> would require interaction with one of my devices to "broker"
> knowledge of my other devices?

Let me say first of all that I don't think we should get hung up on business cards. Billions of people use mobile phones as their main or sole messaging devices; very few people print their own business cards. We should focus on the tech that people actually use.

Having said that, if you wanted to print something on a business card in this model, it would be one or more QR codes. Each QR code would contain contact details for one of your devices, including a device-specific public key for authenticating a forward-secret key exchange.

Having established a connection with one of your devices, your new contact would then be introduced to the other devices by the first device.

If you wanted to skip the business card you could just display the QR code on the screen of the first device.

Cheers,
Michael
