[guardian-dev] Physical key exchanges
Hans-Christoph Steiner
hans at guardianproject.info
Tue Apr 30 13:36:09 EDT 2013
Sounds like an interesting idea. I don't know of anything along those lines
that already is widely used, but there are lots of ideas for this kind of
thing. It is actually quite close to the ideas that we are working towards.
Here's a basic sketch of the direction we're going:
* make it easy to manage an offline master GPG key used only for
  creating subkeys and signing other people's keys
* make as many keys as possible use a subkey from the master
  (GPG encrypt/sign, OTR, SSH, TextSecure, etc.)
* use gpg lsign to allow for strict management of signatures
* share key certification signatures using p2p techniques, like how you
  describe.
  We're also looking at mDNS+XMPP (aka XMPP-Bonjour), Bluetooth, WifiDirect,
  NFC, etc.
* use public keyservers for circulating revoke certificates for all but
  especially sensitive users
We've been focusing on GnuPG 2.1-beta because it is the most flexible and
complete when it comes to key types (RSA, DSA, ECDSA, ElGamal...), keyrings
and import/export. GnuPG 2.0 provides most of this functionality.
Hopefully that provides some useful ideas for starting points. At the very
least, it sounds like there are chunks that we can collaborate on.
.hc
On 04/29/2013 11:25 PM, Tolo wrote:
> Hello,
>
> I have been considering alternatives to online key exchanges due to
> increasing fears of man-in-the-middle attacks by governments in the Arab
> region and compromised (or under-duress) individuals in the Web of
> trust. I am considering an actual physical key (USB or card) exchange to
> simplify the process of key exchange amongst people on the ground and an
> easy mechanism to collectively isolate and remove compromised
> individuals from the WOT. I also am considering limiting the WOT and
> relying on Tor-style relaying of messages through a trusted group that
> becomes the 'inner' WOT that's unique to each individual. Has there been
> any work done in this area that I can build off?
>
> Regards,
> Ahmed
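Added example, not part of the original thread and not Guardian Project code: a check that a day-to-day keyring follows the offline-master layout sketched in the reply above (certify-only primary key whose secret part is absent, with subkeys doing the work). It reads GnuPG's `--with-colons` listing, where field 12 holds key capabilities and field 15 is `#` for a secret-key stub. The listings are constructed, and the function name `audit` and the requirement of sign, encrypt and authenticate subkeys are assumptions.

```python
"""Audit a keyring listing for the offline-master layout (added example)."""

# Constructed, abbreviated `gpg --list-secret-keys --with-colons` output for a
# day-to-day machine; key IDs, dates and the user ID are invented.
GOOD = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1367280000:::u:::cSEA:::#:
uid:u::::1367280000::::Example User <user@example.org>:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1367280000::::::s:::+:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1367280000::::::e:::+:
ssb:u:2048:1:DDDDDDDDDDDDDDDD:1367280000::::::a:::+:
"""
# Same format, but the primary key signs too and its secret part is on disk.
BAD = """\
sec:u:4096:1:EEEEEEEEEEEEEEEE:1367280000:::u:::scESC:::+:
uid:u::::1367280000::::Example User <user@example.org>:
ssb:u:2048:1:FFFFFFFFFFFFFFFF:1367280000::::::e:::+:
"""


def audit(listing: str) -> list:
    """Return policy findings; an empty list means the layout matches."""
    findings, subkey_caps = [], set()
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb") or len(f) < 15:
            continue  # only secret primary keys and secret subkeys matter here
        keyid, validity = f[4], f[1]
        own = {c for c in f[11] if c.islower()}  # field 12: this key's own usage
        stub = f[14] == "#"                      # field 15: '#' = secret part absent
        if f[0] == "sec":
            if own != {"c"}:
                usage = "".join(sorted(own))
                findings.append(f"{keyid}: primary key usage is '{usage}', expected certify only")
            if not stub:
                findings.append(f"{keyid}: primary secret key is present on this machine")
        elif validity not in ("r", "e") and not stub:
            subkey_caps |= own  # usable (not revoked/expired) subkey with local secret
    # Assumed policy: everyday signing, encryption and SSH-style auth use subkeys.
    for cap, name in (("s", "sign"), ("e", "encrypt"), ("a", "authenticate")):
        if cap not in subkey_caps:
            findings.append(f"no usable subkey for {name}")
    return findings


if __name__ == "__main__":
    for label, listing in (("good", GOOD), ("bad", BAD)):
        print(label, audit(listing) or "OK")
```
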