On Sun, 2010-07-11 at 15:33 +0200, Melvin Carvalho wrote: > > > On 11 July 2010 06:18, Ted Smith <[email protected]> wrote: > > On Sun, 2010-07-11 at 11:21 +0900, B. Kip wrote: > > Still trying to understand this in detail: > > > > On Sat, Jul 10, 2010 at 9:46 PM, Blaine Cook > <[email protected]> wrote: > > On 10 July 2010 13:26, Ted Smith <[email protected]> > wrote: > > > It means that if your server (to be precise, your > > > core) is cracked, or subpoenaed by the > MAFIAA/ACTA-Empowered > > Sharing > > > Police, it can give up no data that you haven't > already > > decided is > > > public. > > > > > > I don't think that StatusNet GNU Social makes that > > guarantee, even when > > > it comes to private messaging. I would be very > happy to be > > wrong. > > > > > > It doesn't, though servers are free to encrypt the > data before > > and/or > > after it's sent. The same applies for email. Two > thoughts: > > > > 1. I welcome experiments using P2P networks for > social > > networks, but > > consider the human-level usability concerns. No > matter what > > the > > underlying technology is, you need a human-level > addressing > > system > > (the acid test for a good addressing scheme is the > ability for > > one > > person to be able to write down on a scrap of paper > an address > > at > > which someone else can contact them later). If you > use > > webfinger (re: > > email-like addresses), you can maintain > compatibility with > > mainline > > GNU Social, Status.net, Diaspora (i.e., OStatus), > and Google > > Buzz > > while providing forwards-compatibility to stronger > > privacy-based > > networks*. > > > > From: GNU social - Privatemessaging - Open wiki - Gitorious > > http://gitorious.org/social/pages/Privatemessaging: > > * If Bob hasn’t authenticated against Alice’s > server, > > then Bob’s server goes through the Webfinger > auth > > process, generating a shared secret. If he > already > > has, he’ll already have such a secret. > > * Bob’s server uses the shared secret from the > Webfinger > > auth process to retrieve Alice’s message. > > So, as I understand it, this shared secret is simply a way > of ensuring > > that Bob is really Bob and Alice is really Alice, and that > they know > > eachother, not a key that is used to encrypt messages > between Alice > > and Bob- correct? > > > I believe that's correct. I'm not entirely sure what "the > Webfinger auth > process" is here. A cursory look at Webfinger doesn't indicate > what that > is. I assume it is something that Bob's server uses to prove > that it > hosts Bob's account, at which point Alice's server sends Bob's > server > the message. > > > If you go this far why not take the extra step of > encryption? Is that > > a whole lot more complicated to do? What process are you > using to > > authenticate? Are you making use of public keys shared > through > > Webfinger? > > > There's not really any point of encryption if your key > material is > stored on an untrusted server. > > I'm not really sure if you're asking questions about Statusnet > GNU > Social or P2P GNU Social, but in P2P GNU Social, there's no > need for > authentication, because the messages are encrypted end-to-end. > Like all > other content, Alice notifies Bob of a message, and Bob pulls > the > message. If anyone else is scraping Alice's core and finds the > URL that > Bob uses to pull Alice's message, they can have it - as long > as the > protocols Alice and Bob picked to use in OpenPGP are secure > (probably > RSA and AES), there is not much hope of that person obtaining > the > message. > > Yeah, nice. I've often thought person to person sharing can be > encrypted simply using the next party's public key (GPG or X.509) > > For group sharing you can add another optimization of a group sharing > an aes 256 key. Of course you're only as strong as your weakest link, > but it's a good start. > We get this for free with OpenPGP. It encrypts the data with a symmetric cipher, and encrypts the key for that with the asymmetric cipher.
> With FOAF it's pretty easy to associate a public key with a profile (a > few lines of cut and paste) which is also the basis/simplicity of FOAF > +SSL > > The elegance of this system is that to get a user's public key, you > just need to lookup the webpage, which is something that's almost > trivial to do. > > With webfinger it's a bit harder to get information out of the email > address, you'd normally have to deploy a server to specially do this. > It's always nice to be able to get new information from an identifier, > IMHO it's an unnecessary step, but i dont have a huge issue with > people that want to do this, and can see it's necessary for many of > the large webmail providers to finally get into the interop game. You'd have to set up a server to get information out of FOAF, right? You need some way to download the information. Webfinger only involves webpage lookups.
signature.asc
Description: This is a digitally signed message part
