Updated OpenPGP Security (markdown)
parent
b791424548
commit
c2f1e2539e
|
@ -71,7 +71,9 @@ So reasonable tools should not expose either short or long key IDs to users, or
|
||||||
|
|
||||||
For anything human-facing, we should be using human-intelligible things like user IDs and creation dates. These are trivial to forge, but people can relate to them. This is better than offering the user something that is also trivial to forge, but that people cannot relate to. The job of any key management UI should be to interpret the cryptographic assurances provided by the certifications and present that to the user in a comprehensible way.
|
For anything human-facing, we should be using human-intelligible things like user IDs and creation dates. These are trivial to forge, but people can relate to them. This is better than offering the user something that is also trivial to forge, but that people cannot relate to. The job of any key management UI should be to interpret the cryptographic assurances provided by the certifications and present that to the user in a comprehensible way.
|
||||||
|
|
||||||
For anything not human-facing (e.g. key management data storage, etc), we should be using the full key itself. We'll also want to store the full fingerprint as an index, since that is used for communication and key exchange (e.g. on calling cards).
|
For anything not human-facing (e.g. key management data storage, etc), we should be using the full key itself. We'll also want to store the full fingerprint as an index, since that is used for communication and key exchange (e.g. on calling cards).
|
||||||
|
|
||||||
|
#### In OpenKeychain
|
||||||
|
|
||||||
In OpenKeychain several methods for key exchange exists:
|
In OpenKeychain several methods for key exchange exists:
|
||||||
* QR Codes containing the full fingerprint
|
* QR Codes containing the full fingerprint
|
||||||
|
|
Loading…
Reference in New Issue