On Thursday 01 Aug 2013 12:04:17 Matthew Toseland wrote: > On Wednesday 31 Jul 2013 23:27:26 Steve Dougherty wrote: > > On 07/31/2013 10:50 AM, Matthew Toseland wrote: > > > On Wednesday 31 Jul 2013 00:01:05 Steve Dougherty wrote: > > >> On 07/30/2013 05:45 PM, xor wrote: > > >>> On Tuesday, July 30, 2013 02:38:28 PM Steve Dougherty wrote: > > >>> [snip] > > >>> How do you obtain the list of identities which you offer > > >>> the user to chose from? You should use GetIdentitiesByScore with > > >>> positive score filter (and context filter "Infocalypse", I think > > >>> it supports that as well). Where do you present him with the > > >>> list? Ideally, the UI which shows the list should pass through > > >>> the ID so you don't have to filter by nickname. > > >> > > >> There is no list to choose from. The user types something like "hg > > >> pull freenet:p0s/WoT" and Infocalypse resolves it to a URI (not > > >> necessarily one in the same subspace) and fetches it. > > > > > > Okay. The difficulty here is that there might be more than one p0s. > > > We should always use the p0s we used last time, for security's sake. > > > This is probably part of the reason why e.g. git has a list of > > > remotes for each repository. > > > > > > Maybe you should keep a list of aliases? Or boost an identity's trust > > > when you pull from it? Really this should be WoT functionality. > > > > I don't see why this needs to be anything more complex than aborting > > when an identifier used to look up an identity matches more than one > > identity. One need only specify the entire identity ID, perhaps with > > nickname for convenience, to always uniquely specify an identity. This > > partial matching is only for convenience. > > That makes a DoS too easy, makes mistakes too easy, and generally sucks > lemons for both security and usability. > > > > For local identities it should be really easy for someone to figure out > > which one they mean because the search space is very limited, and they > > created every identity in it. For remote identities it might involve > > more investigation. > > > > I think that making sure the identifier refers to the identity they want > > is the user's responsibility, not the software's responsibility. All the > > software has to do is halt if the user is anything less than specific > > enough to be exact. > > Git already HAS this functionality. A git repository has a list of remotes by > nickname. Each remote corresponds to a specific external repository URL. > That's all I'm asking for. > > > > The only possible problem I see with this is people pasting nicknames > > with maliciously indistinguishable UTF-8 characters intended to > > impersonate another identity. The solution to that is: "Type the > > nickname yourself or check/include the identity ID." > > More dubious security issues for no reason. :( > > git remote add operhiem1 operhiem1/fred > ^^^^^^^^ Look it up at *this* point
Sorry, to clarify, the last part is a (git) url: git remote add operhiem1 freenet:operhiem1/fred > git pull operhiem1 > ^^^^^^^^ Use the full URL (public key / USK / WoT identity) that we added.
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
