add link to schuermann-usenix2016.pdf

Heiko Schaefer 2023-12-04 00:20:22 +01:00
parent b058afec44
commit bd700e0313
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB


@ -525,7 +525,9 @@ For example, in workflows to accept a certificate for a communication partner, o
The OpenPGP version 6 standard uses 32 byte (256 bit) fingerprints, but explicitly defines no format for displaying those fingerprints in a human-readable form. The standard [recommends strongly against](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-fingerprint-usability) using version 6 fingerprints as identifiers in user-facing workflows.
Instead, "mechanical fingerprint transfer and comparison" should be preferred, wherever possible. The reasoning is that humans tend to be bad at comparing high-entropy data (in addition, many users are probably put off by being asked to compare long hexadecimal strings).
Instead, "mechanical fingerprint transfer and comparison" should be preferred, wherever possible. The reasoning is that humans tend to be bad at comparing high-entropy data[^schuermann] (in addition, many users are probably put off by being asked to compare long hexadecimal strings).
[^schuermann]: See "An Empirical Study of Textual Key-Fingerprint Representations" <https://www.ibr.cs.tu-bs.de/papers/schuermann-usenix2016.pdf>
#### Use of Fingerprints and Key IDs in APIs
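Review bot: the added footnote `[^schuermann]` gives only the paper title and a bare institutional URL; consider adding the authors and venue (the filename suggests USENIX Security 2016) so the reference still identifies the paper if the PDF link rots, e.g. `[^schuermann]: Dechand et al., "An Empirical Study of Textual Key-Fingerprint Representations", USENIX Security 2016, <https://www.ibr.cs.tu-bs.de/papers/schuermann-usenix2016.pdf>` (author list to be verified against the PDF before merging). The footnote definition is also placed directly between the paragraph and the next `####` heading; if the document collects footnote definitions elsewhere, move it there for consistency.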