add note about Bob mashing the "Verify" button prematurely

2026-02-04 21:33:42 +01:00 · 2018-08-20 19:35:27 -04:00 · 2018-08-20 19:35:27 -04:00 · acd9a5d32f
parent 3734471028
commit acd9a5d32f
1 changed files with 15 additions and 0 deletions
--- a/proposals/1543-qr_code_key_verification.md
+++ b/proposals/1543-qr_code_key_verification.md
@ -83,6 +83,21 @@ Step 4 is to ensure that Bob does not present a QR code claiming to be Carol's
 key.  Without this check, Bob will be able to trick Alice into verifying a key
 under his control, and evesdropping on Alice's communications with Carol.

+The security of verifying Alice's key depends on Bob not hitting the "Verified"
+button until after Alice's device indicates success.  However, users have a
+tendency to click on buttons without reading what the screen says.  This might
+be addressed by:
+
+- allowing Bob to easily undo the verification if Alice's device subsequently
+  gives an error
+- posing Bob a dummy question that he cannot answer until after Alice's device
+  displays the check results.  For example: "Does Alice's device show a cat or
+  a dog?"  Alice's device will show one or the other after it has checked the
+  key received from Bob, forcing Bob to wait for the check to complete.
+  (Whether a cat or a dog is displayed could be keyed to, for example, a bit in
+  the transaction ID.)
+- (possibly other ways)
+
 Other Issues
 ------------