I was not clear here. I was not responding to Michael "offline" and goofed.
I was responding that the operation would be working with an "offline"
system.
No Internet or other comm at all other than what the camera and screen
can provide.
And specific programs that limit what is passing via them.
Note that in IEEE 802.15.7 there was work on light comm.... :)
On 7/17/23 13:27, Robert Moskowitz wrote:
On 7/17/23 13:17, Michael Richardson wrote:
Robert Moskowitz <rgm-ietf@xxxxxxxxxxxxxxx> wrote:
> Is there an existing protocol to transfer a data file via QR codes?
> Say one computer shows a QR code on its screen and the second "reads"
> it.
My impression is that TIGRESS aims to include QRcode as a way to initiate the
credential transfer. Other transports would be various kinds of (instant)
messaging.
> The application is for a disconnected system to "safely" receive a data
> file to inspect and use and have a high degree of confidence that
> nothing else is sneaking through.
TIGRESS does not really allow the receiver to be *offline*, but not connected
directly to the sender. If your content is small enough, I imagine one could
use data:// URL within the QR code itself.
> I want this for transferring a PKIX CSR to an offline signing CA that
> would then respond with the cert (or a NAK to the CSR).
All over QRcode?
And is it offline that you really want, or just assurance of physical
proximity?
Offline.
Consider a CA signing process where one party is in the US, the other
Canada. They are meeting over Zoom.
The requesting party holds up a computer with the CSR data in a QR
code. The ones I am making should fit.
The signing party holds up their offline signing system to receive the
QR code and create the cert which it then encodes in a QR code.
The signing system then displays the cert QR code to be read from it.
Thus the system with the signing private key is never connected. The
QR content is read to be processed but should never be tried to see if
it is code to corrupt the signing system.
Not for frequent use. But rather for signing with root keys or
intermediate keys for issuing certs.
A potential way to move to not-in-person signing.
Can I get an auditor to agree this is OK? Well, with the cost of
travel and such, I need such an approach...
Bob
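
An added example, not part of the thread or of any poster's code: one way the offline signer could treat a decoded QR payload purely as data, accepting it only if it is exactly one PEM CSR block wrapping a single DER SEQUENCE. The function names and the size cap are assumptions; the QR image is assumed to have been decoded to bytes by a separate reader, and CSR contents and signature are still checked afterwards by the CA software.

```python
import base64
import re

MAX_QR_BYTES = 2953  # byte-mode capacity of the largest QR code (version 40, level L)
PEM_RE = re.compile(
    r"\A-----BEGIN CERTIFICATE REQUEST-----\n"
    r"((?:[A-Za-z0-9+/=]{1,64}\n)+)"
    r"-----END CERTIFICATE REQUEST-----\n?\Z"
)

def is_single_der_sequence(der: bytes) -> bool:
    """True only for one definite-length SEQUENCE with no trailing bytes."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        return 2 + der[1] == len(der)
    n = der[1] & 0x7F                      # long form: n length octets
    if n not in (1, 2) or len(der) < 2 + n:
        return False
    length = int.from_bytes(der[2:2 + n], "big")
    if length < (0x80 if n == 1 else 0x100):   # DER demands minimal encoding
        return False
    return 2 + n + length == len(der)

def accept_csr_payload(payload: bytes) -> bytes:
    """Return the DER bytes of a well-framed CSR, or raise ValueError."""
    if len(payload) > MAX_QR_BYTES:
        raise ValueError("payload exceeds one QR code")
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("non-ASCII bytes in payload") from None
    match = PEM_RE.match(text)
    if match is None:
        raise ValueError("not exactly one PEM CERTIFICATE REQUEST block")
    der = base64.b64decode(match.group(1).replace("\n", ""), validate=True)
    if not is_single_der_sequence(der):
        raise ValueError("decoded body is not a single DER SEQUENCE")
    return der

def constructed_pem(der: bytes) -> bytes:
    """Wrap DER bytes in PEM framing (used to build the constructed sample)."""
    b64 = base64.b64encode(der).decode()
    body = "".join(b64[i:i + 64] + "\n" for i in range(0, len(b64), 64))
    return ("-----BEGIN CERTIFICATE REQUEST-----\n" + body
            + "-----END CERTIFICATE REQUEST-----\n").encode()

# Constructed sample: a DER SEQUENCE of 256 zero bytes, not a real CSR.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
```

Anything that fails these checks is dropped before a certificate parser sees it, so the signer only ever parses input of bounded size and known framing.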