← Back to team overview

ubuntu-phone team mailing list archive

  1. ubuntu-phone team
  2. Mailing list archive
  3. Message #03115

Re: [feature request/question] Encrypted email/sms support?

  Thread PreviousDate PreviousThread Next 
The phone number approach was being used to authenticate SMS communications.


On Thu, Jul 18, 2013 at 1:54 PM, Sam Bull <sam.hacking@xxxxxxxx> wrote:

> On Thu, 2013-07-18 at 20:26 +0200, Rasmus Eneman wrote:
> > >If you're going to handle key creation and exchange invisibly, what
> > use is GPG?
> > Because we would want that infrastructure for the email anyways.
>
> I think his point is that the strength of GPG is in it's trust model. We
> can handle key creation and exchange invisibly, and provide an encrypted
> session. But, we should make the interface clear that the recipient is
> not verified, and provide instructions on how to verify the recipient's
> key (and then sign it).
>
> > We trust the phone number as SIM cards isn't clone-able.
>
> Even if that is true, how are you going to send the phone number over
> the internet in a way which I couldn't just replace with a fake number?
> Basically, that's not going to work.
>
> > If not we should notice the user, explain why this could happen and
> > ask him or her if the new key is trusted.
>
> Ignore the phone number approach, but this is what should happen if a
> new key is detected. It again needs to be clear that the new key needs
> to go through verification as before.
>
>


-- 
Sincerely,
    Josh

Follow ups

References

  Thread PreviousDate PreviousThread Next