Users should be prompted to verify the identity of the key they are signing
Registered by
Kaylee Hirsch
Users need both to be warned of the possible insecurities of signing the public key of someone they don't know well, and to be asked to provide some kind of secret information to prove that they really know the person. It has been suggested that we provide a prompt for a secret info phrase and encode that info in the data blob sent for "friending". We then warn the user in scary red (or something equally warning-like) that sending the secret info by email is a BAD IDEA. On a similar note, there should be similar red text warning the user when they choose to sign the key with the highest level of security. We want to scare people away from casually signing at the highest level just because it's easier.
Blueprint information
- Status: Not started
- Approver: None
- Priority: Undefined
- Drafter: Kaylee Hirsch
- Direction: Needs approval
- Assignee: None
- Definition: New
- Series goal: None
- Implementation: Unknown
- Milestone target: None