Hi folks. I've been told this is yet another place-to-be list and since it treats a topic I've been involved with since the 80s I guess I should participate. Many already know me, for the others I summarize my contributions in a few keywords: IRC, PSYC, psyced, Certificate Patrol, secushare, youbroketheinternet.org.
I was taking a glance at the archives and would like to add some info in reply to Trevor Perrin's mail from Mon Oct 6 02:08:57 PDT 2014 ( https://moderncrypto.org/mail-archive/messaging/2014/000943.html ). > Making it easy for people to pass public keys or fingerprints is a > challenge. We could try to optimize text representations, use QR > codes or NFC, use Namecoin-like names, and so on. GNS looks like > another alternative. Since secushare is aiming to provide a distributed social graph for the purpose of offering an alternative to Facebook & co that actually delivers more than what people expect from Facebook, it was pretty straightforward for us to realize that no key discovery method can ever beat the power of adopting a person from the social graph. When Amy, Eleanor, Billy and Jake claim that Bob is a friend of theirs, and they all provide the same public key for Bob, why should Alice worry that Bob may actually be a fake that fooled all their common friends? So once a distributed graph is available as an instrument to the majority of human beings, I expect that public keys will proliferate freely and construct a solid basis for an end-to-end encrypted infrastructure for humanity. The question to me is only who will be the first to provide such a tool. I am not aware of anyone else working on the same challenge. Of course you need to bootstrap your social graph with a few solid public key exchanges, but that can be achieved by sharing QR codes on business cards or shaking bluetooth devices at each other. I am optmistic that we could be having humanity on a secure messaging system within years if we only focus on the right issues to deal with. To reenforce the motivation to introduce such a secure messaging system for all of humanity I also came up with a EU law proposal, but that is a story for another post. Please change the subject line accordingly if you want to talk about that. > * "Scoped" names seem sort of confusing and less useful than global > names. I.e. "carol" isn't the global name of Alice's key, it's only > my name for Alice's key, so it's only useful if you already know my > key and understand this concept. Well, Facebook has shown how little real people care about global names if the applications are designed to not need them. We just need to design all applications like that, the entire GNU Web and Internet. > * "Query privacy" doesn't seem enough to prevent harvesting a lot of > the social graph. I.e. if you know my public key and are willing to > do thousands of DHT lookups, you'll probably find a lot of my > petnames. And if there's no DHT, storing all the entries in one place > will enable offline cracking. Yes, in Christian's original design if you brute force the nicknames of people you can get a glimpse of the social graph even if you're not entitled to. That can be fixed easily however, simply introduce a friend circle concept (think G+ circles, since 2003 PSYC uses the "channel" terminus) and have the nicknames be stored in THAT public key rather than in a person's root key. So in order to look up any people you need to know the public key of a channel which you typically only know if you have been invited to it. Even better than that I presume is to use the distributed social graph instead. A nickname then does not need to be looked up in a DHT, it is already available on your device - and you can only consult the graph if you are a legitimate subscriber of your friends' social channels. So secushare has a fault redundant strategy for solving this problem - if our own distributed social graph doesn't do it, we can use GNS as a fallback. By the way, secushare is currently roughly at some 50% of implementation. You can find the code in the GNUnet repository in the src directories named psyc, psycstore, social and multicast. There is a prototype UI in the gnunet-gtk repo. We can use hands working on it all. -- http://youbroketheinternet.org ircs://psyced.org/youbroketheinternet _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
