I followed the thread, good talk! Here is a completely different approach: make the information in the QR code insecure by design.
Not sure if this is the case, but I got inspired by how WhatsApp does it. The QR code needs to be displayed somewhere. Where is that? If that's a website where the user already logged in, the dynamically generated QR code could have some plaintext data with the user account credentials.
Now, if we also want to provision the TLS cert, then passing a URL pointing to it and the expected fingerprint should work (right?).
To clarify the reason I mentioned QR codes in the first place, it is only for user convenience. Although humans can't read the QR codes, they are not "secure", just obscure.
I don't see any reason we can't let the user see the provisioning URL and credentials and enter them manually, but the more convenient we make it the more people will use it.
Agreed. I never meant to imply they would need to be obscured in any way.
So, the information we would encode could be:
- account URI
- password
- server / outbound proxy (optional)
- TLS cert URL
- TLS cert fingerprint
Anything else?
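One way to consume that field list on the client, as an added example rather than code from this thread: a parser for a hypothetical `sipprov:` query-string payload carrying those fields, plus the fingerprint check that lets the deliberately plaintext credentials be used safely. The scheme name, field names and sample values are assumptions, not anything the thread specifies.

```python
"""Decode a QR provisioning payload and pin the TLS cert it points at.
Added example; the sipprov: scheme and field names are assumptions."""
import hashlib
import hmac
from urllib.parse import parse_qs, urlparse

PREFIX = "sipprov:?"
REQUIRED = ("account", "password", "cert_url", "cert_sha256")
OPTIONAL = ("proxy",)


def parse_provisioning_payload(text: str) -> dict:
    """Turn the scanned text into a dict of fields.

    Credentials are plaintext by design; what is validated strictly is the
    cert URL (must be https) and the fingerprint (32-byte hex digest), since
    that pair is what the client will later trust."""
    if not text.startswith(PREFIX):
        raise ValueError("not a sipprov payload")
    fields = {}
    for key, values in parse_qs(text[len(PREFIX):], strict_parsing=True).items():
        if key not in REQUIRED + OPTIONAL:
            raise ValueError("unknown field %r" % key)
        if len(values) != 1:
            raise ValueError("field %r repeated" % key)
        fields[key] = values[0]
    missing = [k for k in REQUIRED if k not in fields]
    if missing:
        raise ValueError("missing fields: %s" % ", ".join(missing))
    if urlparse(fields["cert_url"]).scheme != "https":
        raise ValueError("cert_url must be https")
    # Accept "AB:CD:..." or bare hex; normalise to lowercase hex.
    fp = fields["cert_sha256"].replace(":", "").lower()
    if len(fp) != 64 or any(c not in "0123456789abcdef" for c in fp):
        raise ValueError("cert_sha256 is not a SHA-256 hex digest")
    fields["cert_sha256"] = fp
    return fields


def cert_matches_pin(cert_der: bytes, expected_sha256_hex: str) -> bool:
    """True if SHA-256 of the downloaded cert (DER bytes) equals the pin."""
    actual = hashlib.sha256(cert_der).hexdigest()
    return hmac.compare_digest(actual, expected_sha256_hex.lower())


# Constructed sample: a stand-in for the server cert's DER bytes and a
# payload that pins it (not a real certificate).
SAMPLE_CERT_DER = b"\x30\x82\x01\x0a-constructed-der-stand-in"
SAMPLE_PIN = hashlib.sha256(SAMPLE_CERT_DER).hexdigest()
SAMPLE_PAYLOAD = (
    "sipprov:?account=sip%3Aalice%40example.net&password=s3cret"
    "&proxy=sip%3Aproxy.example.net%3A5061"
    "&cert_url=https%3A%2F%2Fexample.net%2Fserver.der"
    "&cert_sha256=" + SAMPLE_PIN
)
```

The fingerprint, not the credentials, is the trust anchor here: a client that downloads the cert from `cert_url` and rejects it on a pin mismatch is not exposed to a swapped cert even though everything in the QR code is readable.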