Separate the Business Card Use Case from SecureJoin

Feature Proposal
1

The QR code generated for performing SecureJoin currently serves two different use cases.

Case 1 is mutual out-of-band fingerprint verification. For this purpose, the secrets encoded in the QR code should ideally be as short-lived as possible (as far as I understand). It is somewhat reasonable to assume that in this use case, both end-user devices are online at the same time.

Case 2 is business cards (and similar long-lived and widely distributed invitations). In this case, it is unclear whether both devices can be expected to be online at the same time. E.g. I could turn off my end-user device on certain occasions, I might put it in flight mode, I might run out of battery; since I don’t know when the other party will scan the code, there is no guarantee that my device will be online when this happens. If the other party scans the code and my device is offline, the other party could easily assume that the invite code must be broken.

Case 1 is covered quite well by the current SecureJoin implementation – except that the shared secrets should arguably expire automatically, rather than after a manual reset. If you didn’t need to worry about business cards any more, you could advance even faster on this front.

Case 2 is arguably not served so well by SecureJoin. However, if Delta Chat had support for importing OpenPGP keys from URLs, users could publish their public key anywhere they like – and simply print a link to that key on their business card. This link could be as long-lived as the user wishes; and it would work reliably even when their end-user device is offline.

A concrete proposal

The existing invite codes look (roughly) like this:

https://i.delta.chat/#FINGERPRINT&v=3&i=INVITE-CODE&s=SECRET&a=bob@example.com&n=BOB

Delta Chat could introduce additional read-only support for codes that look (roughly) like this:

https://i.delta.chat/#FINGERPRINT&url=https://example.com/path/to/key.asc&n=BOB

Such codes could be used to

  1. Publish your key on some keyserver – and then distribute a link which Delta Chat understands.
  2. Publish your key via Web Key Directory – and then distribute a link which Delta Chat understands.
  3. Publish your key on your own website – and then distribute a link which Delta Chat understands.
  4. Run a Delta Chat bot that publishes the key anywhere it pleases (e.g. below https://nine.testrun.org/keys/) – and then returns a link (or image) that can be printed on a business card.

One could even indicate the different security guarantees of these two key distribution mechanisms. If a key is retrieved via SecureJoin, the contact is verified (as in: mutual out-of-band fingerprint verification). If a key is retrieved via URL lookup, the conversation is end-to-end encrypted, but the verification is one-way only; and also rather weak, so maybe “unverified” would be a fitting simplification in this case.

[Final note: This is similar to https://support.delta.chat/t/scanning-a-vcard-qr-code-should-use-the-pgp-key-for-e2ee/, which also suggests importing keys from URLs – albeit with a different encoding scheme.]