GNOME Bugzilla – Bug 591028
Simplify key verification
Last modified: 2012-03-15 10:18:47 UTC
The goal is to make key verification so simple even my mother can use symetric encryption without explanation. If the set_trust dbus api is called, it will display a multiple choice box/ a wizard. This will guide the user through the verification process. Depending on the answers it will decide if there is a partial or full trust. The first layer asks for the relation to this person. the second layer has the verification methods. The methods displayed on the second layer depend on the answers on the first layer. My mother would not have to verify my passport and we could do the keyid/fingerprint thing over phone with a very good trust. But for people i never met I will have to check the passport to get a similar trust level. Possible Questions are: How good do you know the person ? • Never met • Would recognize the voice • Old friend/relative • Friend • workmate Depending on the answers on layer 1, there will be new questions like: • I did check the ID/Passport • I just phoned him/her • His/her homepage contains the fingerprint/id ... and asked the person if his key number _kj82734234__ has the fingerprint __1231231231__ After 2 or 3 questions anyone can be guided through the verification process. The trust level will be set depending on the quality of the check.
Interesting work you're doing in this area. I guess this is specific to PGP keys, no? I'll let Adam comment on this further. He has a lot of experience with things key signing parties, and the subtleties involved in PGP web of trust.
This is focused on PGP keys, yes. I am curious to learn about Adam's experiences
This is a good idea. But needs someone to implement it. I'm trying to change gnome-keyring bugzilla so it tracks actual work/bugs, rather than plans and ideas. Those are better suited for gnome-keyring-list@gnome.org until someone is ready to start implementation.