[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [GNU/consensus] [SH] Re: GNU Consensus Manifesto -- Comments
|
From: |
Michael Rogers |
|
Subject: |
Re: [GNU/consensus] [SH] Re: GNU Consensus Manifesto -- Comments |
|
Date: |
Thu, 10 Jan 2013 18:20:11 +0000 |
|
User-agent: |
Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130107 Thunderbird/17.0.2 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/01/13 01:27, Mikael Nordfeldth wrote:
> Surely there must be an identity with which a user can recognize
> (verify) that whatever response is received does in fact come from
> the user. (kind of like GPG having a global scope with the public
> key fingerprints)
>
> Or is the system truly global-ID-less in such a way that for every
> new contact, an entirely new identity is generated (only in a local
> scope as you mentioned)? Meaning it is up to the two people making
> a connection to avoid possible collisions, kind of like GPG without
> any of the web-of-trust properties.
Whenever a person adds a new contact, she generates a fresh keypair.
The keypair is only used to establish a shared secret with the
contact; then it's destroyed. The shared secret is used to derive
symmetric encryption and authentication keys, which are rotated
periodically to provide forward secrecy.
Each party can assign whatever nickname she likes to the other party.
At the user interface layer, it would be sensible to avoid nickname
collisions - but even if someone assigns the same nickname to two or
more contacts, the shared secrets will be different, so there won't be
a collision at the protocol layer.
> If the latter is the case, I believe Briar to be very hard to
> implement in an "internet social" sense, though I definitely see
> lots of use for it in other areas.
Yes, I agree that Briar's a bit of an outlier among internet social
software - not least because it doesn't require the internet. ;-) But
I hope it will be interesting to explore points of overlap and
non-overlap, even so.
Cheers,
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJQ7wZbAAoJEBEET9GfxSfMFmQIALexyHQoCIKtP7scHXin8mss
1bM3CdmUVbZanTwHMq5kQ+q1jyWB6fPqme0/fhZYKywlD1Kdyj1ed0yyPCBl7Sn4
QY5jchXbwuTrWD0bQVPCghTWGu+eDPjLt8mZO9WI6ms9Aawi+lJl7/4t0FsmhtY0
ZzlNwXgqGUEI8Nq9G45g3TyFoAPoeU0CZknTx1PvQnvZVD12QNiUAXLmCoBiuMn9
4iassh0MsEUd3OLH3vOUnrVUXtcF7bX9j/ony3Odi9nSiBqiqaf4fd0uXapSjOJ/
8pEUzaLkR7uY+wj3SAzcL3ky6NR2qK4e38F5OLvIpuc0LExLRXnlylXv5I06cjo=
=EskA
-----END PGP SIGNATURE-----
- [GNU/consensus] GNU Consensus Manifesto -- Comments, Melvin Carvalho, 2013/01/08
- Re: [GNU/consensus] GNU Consensus Manifesto -- Comments, Michael Rogers, 2013/01/09
- Re: [GNU/consensus] GNU Consensus Manifesto -- Comments, Melvin Carvalho, 2013/01/09
- Re: [GNU/consensus] GNU Consensus Manifesto -- Comments, hellekin (GNU Consensus), 2013/01/09
- Re: [GNU/consensus] GNU Consensus Manifesto -- Comments, Melvin Carvalho, 2013/01/09
- [GNU/consensus] [SH] Re: GNU Consensus Manifesto -- Comments, Michael Rogers, 2013/01/09
- Re: [GNU/consensus] [SH] Re: GNU Consensus Manifesto -- Comments, Mikael Nordfeldth, 2013/01/09
- Re: [GNU/consensus] [SH] Re: GNU Consensus Manifesto -- Comments,
Michael Rogers <=
- Re: [GNU/consensus] [SH] Re: GNU Consensus Manifesto -- Comments, Mikael Nordfeldth, 2013/01/11
- Re: [GNU/consensus] [SH] Re: GNU Consensus Manifesto -- Comments, Michael Rogers, 2013/01/11
- Re: [GNU/consensus] [SH] Re: GNU Consensus Manifesto -- Comments, Rich Hilliard, 2013/01/11
- Re: [GNU/consensus] [SH] Re: GNU Consensus Manifesto -- Comments, Michael Rogers, 2013/01/12
- Re: [GNU/consensus] [SH] Re: GNU Consensus Manifesto -- Comments, Rich Hilliard, 2013/01/10
- Re: [GNU/consensus] [SH] Re: GNU Consensus Manifesto -- Comments, Michael Rogers, 2013/01/09