I was thinking a Progressive Web App (PWA) to avoid writing multiple Android, Web, iOS apps... I know QR codes are more broadly used but I'm not sure if they can store the amount of info we would need? I think you need 384 bits plus the data we need to encode for secure ECDSA? Aztec codes seem to be used somewhat ubiquitously and seem also to be able to store a good amount more data than QR. Building a PWA using Aztec codes for end users, we might be able to use the JS port of Zxing: https://github.com/LazarSoft/jsqrcode
If the URL in the Aztec code designates a landing page on the manufacturer's certified domain, that end point can deliver up the correct public key, and since that is used to verify the signature, and a man in the middle attack is prevented by the manufacturer's domain's cert, I think we'd be done. I'm thinking we may not even need a server as the domain's certificate from a valid CA would serve this purpose. Thoughts? Cheers! Frank On Tuesday, December 26, 2017 at 2:37:44 PM UTC-5, Tamás Gulácsi wrote: > > On Tuesday, December 26, 2017 at 10:42:34 AM UTC-6, Frank Davidson wrote: >> >> Might make sense to port https://github.com/zxing to Go? Seems a popular >>> library and I think it was created by Google folks >>> >> > > Android already provides AZTEC reader: > > https://developers.google.com/android/reference/com/google/android/gms/vision/barcode/BarcodeDetector.Builder > > But Aztec format seems better for me in theory than QR-code, but QR-code > is waaaay better supported everywhere. > I still think that the previous opinions show that the biggest obstacle is > to synthesize the big picture: who will own the private key, what > participant will do what. > > I think we should clarify all the steps, generate all the possible > scenarios (what step can/should/must be done by which participant), > and provide the needed software libraries with clear, documented > interfaces. > > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
