Re: QR Code data transfer protocol?


 



I was not clear here.  I was not responding to Michael "offline" and goofed.

I was responding that the operation would be working with an "offline" system.

No Internet or other comm at all other than what the camera and screen can provide.

And specific programs that limit what is passing via them.

Note that in IEEE 802.15.7 there was work on light comm....  :)

On 7/17/23 13:27, Robert Moskowitz wrote:


On 7/17/23 13:17, Michael Richardson wrote:
Robert Moskowitz <rgm-ietf@xxxxxxxxxxxxxxx> wrote:
     > Is there an existing protocol to transfer a data file via QR codes?

     > Say one computer shows a QR code on its screen and the second "reads"
     > it.

My impression is that TIGRESS aims to include QRcode as a way to initiate the credential transfer.  Other transports would be various kinds of (instant) messaging.

     > The application is for a disconnected system to "safely" receive a data
     > file to inspect and use and have a high degree of confidence that
     > nothing else is sneaking through.

TIGRESS does not really allow the receiver to be *offline*, but not connected directly to the sender.  If your content is small enough, I imagine one could
use data:// URL within the QR code itself.

     > I want this for transferring a PKIX CSR to an offline signing CA that
     > would then respond with the cert (or a NAK to the CSR).

All over QRcode?
And is it offline that you really want, or just assurance of physical proximity?

Offline.

Consider a CA signing process where one party is in the US, the other Canada.  They are meeting over Zoom.

The requesting party holds up a computer with the CSR data in a QR code.  The ones I am making should fit.

The signing party holds up their offline signing system to receive the QR code and create the cert which it then encodes in a QR code.

The signing system then displays the cert QR code to be read from it.

Thus the system with the signing private key is never connected. The QR content is read to be processed but should never be tried to see if it is code to corrupt the signing system.

Not for frequent use.  But rather for signing with root keys or intermediate keys for issuing certs.

A potential way to move to not-in-person signing.

Can I get an auditor to agree this is OK?  Well, with the cost of travel and such, I need such an approach...

Bob
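
An added example, not part of the original thread or any poster's code: one way the offline signer could treat a scanned QR payload strictly as data, accepting exactly one PEM-framed CSR and rejecting anything else before it reaches the signing tool. The PEM-in-QR framing, the function names and the sample bytes are assumptions; the check is structural only and does not verify the CSR's signature.

```python
import base64
import re

MAX_QR_BYTES = 2953  # byte-mode capacity of the largest QR symbol (version 40, level L)
BEGIN = "-----BEGIN CERTIFICATE REQUEST-----"
END = "-----END CERTIFICATE REQUEST-----"
B64_LINE = re.compile(r"[A-Za-z0-9+/]{1,64}={0,2}")


def der_sequence_length(der: bytes) -> int:
    """Return the total encoded length claimed by the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short-form length
        return 2 + first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 2 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    value = int.from_bytes(der[2:2 + n], "big")
    if value < 0x80 or (n == 2 and value < 0x100):
        raise ValueError("non-minimal DER length")
    return 2 + n + value


def parse_csr_payload(payload: bytes) -> bytes:
    """Validate a scanned QR payload as one PEM CSR and return its DER bytes."""
    if len(payload) > MAX_QR_BYTES:
        raise ValueError("payload larger than one QR symbol")
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("non-ASCII payload") from None
    lines = text.replace("\r\n", "\n").rstrip("\n").split("\n")
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("PEM framing missing or extra content present")
    body = lines[1:-1]
    if not all(B64_LINE.fullmatch(line) for line in body):
        raise ValueError("illegal character in base64 body")
    der = base64.b64decode("".join(body), validate=True)
    if der_sequence_length(der) != len(der):
        raise ValueError("DER length does not match payload (trailing data?)")
    return der


# Constructed sample: a 5-byte DER SEQUENCE standing in for a real CSR.
SAMPLE_DER = bytes.fromhex("3003020100")
SAMPLE_QR = (BEGIN + "\n" + base64.b64encode(SAMPLE_DER).decode() + "\n" + END + "\n").encode()
```

Only the bytes returned by `parse_csr_payload` would be handed to the CA tooling, which still has to parse the request fully and verify its self-signature.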




