[OTR-users] Opinions on proposed "unknown fingerprint" behaviour?
Paul Wouters
paul at cypherpunks.ca
Sat May 21 18:26:07 EDT 2005
On Thu, 19 May 2005, Ian Goldberg wrote:
> The largest usability issue with OTR right now seems to me to be what
> happens when you try to talk to someone for the first time. Each side
> having to actively accept the other's fingerprint leads to all sorts of
> weird behaviours when one side accepts, and then starts typing before
> the other side accepts.
How about having three states of OTR:
red: Insecure communication
yellow: Using OTR, but not manually configured the fingerprint
green: Using OTR, confirmed fingerprint.
The OTR button could then change from green to yellow automatically,
without nasty windows, and the button can provide a way to go from
yellow to green, using similar popups that are in use today.
A configuration option could be added which disallows the yellow state,
causing the current (paranoid) kind of setup. This option could be
called "Allow leap-of-faith OTR communication".
Some help button/option should be available to more elaborately explain
the differences and the risks to the users.
The second issue is when a user now changes key. Should we still allow
the leap of faith, ir should this always pop up a warning? I think if
you get multiple keys for a single identity, we should always do some
warning.
Another aspect of this kind of setup could be to allow importing of
fingerprints through external methods. This could be http, ldap or dns.
For example, one could put a fingerprint in a TXT or OTRKEY dns record,
which would hopefully be signed by someone you trust somewhere in the
hierarchy.
Paul
More information about the OTR-users
mailing list