On 24/06/11 05:25, John Gilmore wrote:
>>> The updated status of 'we met, we have noted each other's
>>> identity, we like each other' can be then transmitted [...]
>> I think it is a mistake to mix "we like each other" into the identity
>> verification process here.
>>
>> The crucial thing is to verify *identity*. If i meet someone who i
>> don't like, as long as i'm sure of who they are, i should be able to use
>> the same process.
> I would go further. I wouldn't even tie the person to some kind
> of global identity, government ID, or "verification".
>
> In a decentralized network with cryptographic protection, each
> person's key should represent themself -- not their name, not their
> driver's license, not their address, not their passport. They can be
> "Uncle Charlie" in one person's freedombox, and "Charles Knox, Esq."
> in another's. In a third freedombox, the key could represent "Guy I
> met at fish dinner with JoAnn, March 2011". Or "Chuck who I always
> see in the library on Tuesdays".
>
> The implication for FreedomBox design is that a user's key should be
> transmitted WITHOUT further identifying information. Any identifiers
> for a received key should be provided by the receiving party.
>
> Not automatically tying a key to a self-claimed identity, nor a
> government-issued identity, nor even a photo, will help freedom
> fighters stay free when the government grabs somebody and tries to
> find all their collaborators. And I think it simplifies the security
> model, while still providing what our applications need, which is a
> way to identify someone at a distance [over the network] as a
> particular person who we have interacted with before.
>
> Of course, people are free to snap a photo, with permission, when
> exchanging keys; or to photograph the other person's business card
> or vCard, or type in a full name. Or even a driver's license number.
> But this shouldn't be required, and I don't even think it should be
> the default.
>
> This concept is only a few weeks old; I could've missed some big
> reasons not to do it this way.

Would this be kind of the same usage we have for phone numbers nowadays?
(Mobile or land-line.)

We can save them, tie them -or not- to an imaginary identity in our phone
(the contact's name, if we put any), group them under a common identity if
we want to (or not), add identity data (photo, etc.) if we want to (or not,
as always).

I.e. if I get this right, a public key could become a new kind of phone
number? (without the addressing aspect present in phone numbers)

-- 
Sébastien Lerique
[email protected] | @wehlutyk on twitter/identi.ca
Experimenting a FreedomBox: http://mehho.net
Distributing home-hosted services: http://www.evomuse.org/wiki

_______________________________________________
Freedombox-discuss mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
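
The receiver-assigned naming discussed in this thread, sketched as an added example that is not part of the original messages or of any FreedomBox code: the key arrives with no identity attached, and every label is chosen by the box that receives it. The PetnameBook class, the bundle layout and the SHA-256 fingerprint are assumptions made for illustration, and the key bytes are constructed stand-ins.

```python
import hashlib

def fingerprint(pubkey: bytes) -> str:
    """Local handle for a key: SHA-256 of the raw public key bytes (assumed scheme)."""
    return hashlib.sha256(pubkey).hexdigest()

class PetnameBook:
    """Hypothetical receiver-side key book: labels exist only on this box."""

    def __init__(self):
        self._name_of = {}  # fingerprint -> receiver-chosen label, or None

    def receive(self, bundle: dict) -> str:
        """Accept a transmitted key and drop anything the sender claims about itself."""
        fp = fingerprint(bundle["pubkey"])  # the only field that is kept
        self._name_of.setdefault(fp, None)  # known key, not yet labelled
        return fp

    def label(self, fp: str, petname: str) -> None:
        """Attach a local name; several keys may share one petname (grouping)."""
        if fp not in self._name_of:
            raise KeyError("only keys that were actually received can be labelled")
        self._name_of[fp] = petname

    def who(self, pubkey: bytes):
        """Map the key seen on an incoming message to the local name, if any."""
        return self._name_of.get(fingerprint(pubkey))

    def keys_of(self, petname: str):
        """All fingerprints grouped under one local name."""
        return sorted(fp for fp, n in self._name_of.items() if n == petname)

# Constructed sample data: two 32-byte stand-ins for public keys of one person.
KEY_A = bytes(range(32))
KEY_B = bytes(range(32, 64))

def demo():
    first_box, second_box = PetnameBook(), PetnameBook()
    # A self-claimed name travels with the key here; the receiver ignores it.
    fp = first_box.receive({"pubkey": KEY_A, "name": "Charles Knox, Esq."})
    first_box.label(fp, "Uncle Charlie")
    first_box.label(first_box.receive({"pubkey": KEY_B}), "Uncle Charlie")
    # Another box knows the same key under an unrelated label.
    second_box.label(second_box.receive({"pubkey": KEY_A}),
                     "Guy I met at fish dinner with JoAnn, March 2011")
    return first_box, second_box

if __name__ == "__main__":
    a, b = demo()
    print(a.who(KEY_A), "|", b.who(KEY_A), "|", b.who(KEY_B))
```
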
