Hi, Matthew It seems that we can reduce power of auth provider. As we always rely on SMS-gates for auth and they are already much more powerfull in this case. Plus gate can only add fake numbers. What's a problem with it?
For building secure we need more that only single auth provider. For securing some accounts people can use 2FA. Steve. 19.08.2015, 19:53, "Matthew Hodgson" <[email protected]>: > This is similar to the decentralised identity service ideas we've been > experimenting with for Matrix. The problem we've hit (which I think this > scheme suffers from too) is how you choose which auth providers to trust, > otherwise you end up un-decentralising the system as the defacto auth > provider ends up with way too much power. Do you consider this a problem? > > We've been looking at using something like the stellar consensus protocol to > propagate trust/reputation between the auth providers - or limiting ourselves > to email and piggybacking on top of DKIM like webfist/webfinger. > > p.s. does anyone know how dead/alive webfist is, and whether/why it failed? > > -- > Matthew Hodgson > matrix.org > >> On 19 Aug 2015, at 17:26, [email protected] wrote: >> >> Hello everyone! >> >> Just finished small article about one idea of secure contact discovery: >> https://medium.com/@ex3ndr/encrypted-public-contact-discovery-95cfa0a0f6c7 >> >> Steve. >> _______________________________________________ >> Messaging mailing list >> [email protected] >> https://moderncrypto.org/mailman/listinfo/messaging _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
