du82 / privacyspreadsheet.com

The Privacy Spreadsheet HTML and raw CSV data
MIT License

Track "Contact Auth UI" (Public Key Fingerprint Verification, eg QR Code Scanning) #4

Open maltfield opened 9 months ago

maltfield commented 9 months ago

This is a request to add a new row (called Contact Auth UI) to the spreadsheet that tracks whether or not an app has some UI for users to verify their contacts' authenticity.

Why?

The purpose of this is to authenticate the contact to make sure that the contact is who they say they are (and not someone pretending to be them or a MITM attacker that's relaying messages).

Examples

This is typically implemented by having one user scan a QR code of their contact's public key (eg Threema).

Other apps may implement this by displaying a fingerprint or a series of words.
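The check described above, as an added example that is not code from the spreadsheet project or from either commenter: both sides derive a fingerprint from the contact's public key, one side shows it (as a QR payload, hex groups, or words) and the other compares it against the key its app already holds for that contact. The keys, the QR payload format and the 16-entry word list are all constructed for the example; a real app would use its own key encoding and a much larger word list.

```python
import hashlib
import hmac
from typing import Tuple

# Constructed 32-byte "public keys" (not real keys): Alice's genuine key and
# the key a relaying MITM would have substituted for it.
ALICE_KEY = bytes(range(32))
MITM_KEY = bytes(range(32, 64))

# Toy word list (constructed for this example): one word per hex nibble.
WORDS = ["apple", "bridge", "candle", "desert", "engine", "forest",
         "garden", "harbor", "island", "jungle", "kettle", "lantern",
         "meadow", "needle", "orange", "pepper"]


def fingerprint(public_key: bytes) -> str:
    """SHA-256 of the raw public key, rendered as 16 groups of 4 hex digits."""
    digest = hashlib.sha256(public_key).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def word_fingerprint(public_key: bytes) -> str:
    """Same digest, first 8 bytes shown as 16 words (one per nibble).

    Word-based displays are just another encoding of the key hash; the
    truncation here is what limits how much it protects against a
    second-preimage search, so real schemes use far more entropy.
    """
    digest = hashlib.sha256(public_key).hexdigest()[:16]
    return " ".join(WORDS[int(ch, 16)] for ch in digest)


def qr_payload(identity: str, public_key: bytes) -> str:
    """What the contact's app would encode in the QR code (assumed format)."""
    return f"{identity}:{public_key.hex()}"


def parse_qr_payload(payload: str) -> Tuple[str, bytes]:
    identity, hexkey = payload.split(":", 1)
    return identity, bytes.fromhex(hexkey)


def verify_contact(scanned_payload: str, stored_key: bytes) -> bool:
    """Compare the key shown out of band with the key the app already uses.

    A constant-time comparison is used so a mismatch leaks nothing about
    where the two fingerprints diverge.
    """
    _, scanned_key = parse_qr_payload(scanned_payload)
    return hmac.compare_digest(fingerprint(scanned_key), fingerprint(stored_key))


if __name__ == "__main__":
    shown = qr_payload("alice", ALICE_KEY)  # Alice shows this in person
    print(fingerprint(ALICE_KEY))
    print(word_fingerprint(ALICE_KEY))
    # Bob's app holds Alice's real key: verification succeeds.
    print(verify_contact(shown, ALICE_KEY))
    # Bob's app holds a key a MITM injected into the key exchange: it fails.
    print(verify_contact(shown, MITM_KEY))
```

The point of the out-of-band step is the second case: a relay that swapped keys during the in-band exchange cannot also change what Alice's phone physically displays, so the mismatch is visible to the users even though every in-band message looked normal.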

du82 commented 9 months ago

Is this different from "You can verify contacts out of band"? Since the "out of band" part implies physically showing something like a QR code to be scanned.

If so, please explain and I can add your criteria and get the logic stuff set up for the row

Thanks for raising the issue, every contribution helps :)

maltfield commented 9 months ago

This is not different from "you can verify contacts out of band". But, specifically: the app has some UI to verify the contacts out of band.

Yes, physically scanning something like a QR code is one method of out-of-band authentication verification.

Please let me know if you need any further clarification.

du82 commented 9 months ago

I think "You can verify contacts out of band" is more suitable because it doesn't require a UI element. This spreadsheet purely covers privacy capabilities, not the interface in which the capabilities are implemented. Terminal clients wouldn't satisfy the requirement, for example.

If you have suggestions on how to better word the existing criteria I'm open to it, thanks again for raising the issues

maltfield commented 9 months ago

UI != GUI

UI includes GUIs, CLIs, and TUIs. If "You can verify contacts out of band" already provides this data point, then please feel free to close this ticket.