On Thu, Aug 21, 2008 at 5:28 AM, Simon Josefsson <[EMAIL PROTECTED]> wrote: > Jonathan Schleifer <[EMAIL PROTECTED]> writes: > >> GPG should only be an option and not the default, never more, as GPG >> is not user friendly to the average user. > > I don't think non-technical users need to ever see anything except > similar user interfaces as shown earlier in this thread. > >> It wouldn't really work with a dialog like that. We already have >> problems getting people to verify the SAS, how do you expect them to >> verify a fingerprint? ;) > > You can transform an OpenPGP key fingerprint into a SAS-like string, if > that makes you feel better, and ask users to verify that. Hash the > OpenPGP fingerprint, truncate it and encode it using the same length and > characters as used by SAS today.
This actually isn't as secure as an SAS if done exactly this way, because the attacker can generate a key that matches the truncated hash via exhaustive search. What is secure is if the relying party chooses random bits out of the fingerprint to ask the user to check, thus forcing the full fingerprint to be secure. I'm not yet sure how to do a good UI for this. -Ekr
