Ted Smith typeth: | > Not sure if you mean what I mean here, so I say what I mean. Groups | > of people need a managing member that generates a symmetric encryption | > key and sends it to each member, using each member's public keys just | > once. Once a secret symmetric key is established, messages can be | > distributed using regular multicast strategies as all members can | > decrypt that. Only this spells true privacy within groups of people | > and thus the social network. | | My vision is that every user will have an OpenPGP keypair tied to their | GNU Social identity. This could be managed by the user or totally | transparent to the user (managed only within the UI). A group would just | be a set of key IDs to encrypt to.
Yes, a group is defined by just a set of pubkeys, but by negotiating a shared secret you have overall less work on the sending side and you get the huge advantage of being able to store the message anywhere, distributing it more efficiently (multicast rather than round-robin unicast) and it is always useful to every member of the group rather than just one. Also I like having some options concerning repudiability. By using temporary keys we can have off-the-record-like configurations, not always use the pgp signature which makes every little chat session a bit like a legally binding contract. -- ___ psyc://psyced.org/~lynX ___ irc://psyced.org/welcome ___ ___ xmpp:[email protected] ____ https://psyced.org/PSYC/ _____
