Re: [GNU/consensus] [SH] Re: GNU Consensus Manifesto -- Comments

[Michael Rogers]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/01/13 20:55, Rich Hilliard wrote:
> What actions can be taken on pseudonyms? E.g. can I
> follow/subscribe to a user knowing her pseudonym? Can I
> forward/repost something posted by a pseudonym? Can I
> forward/repost something containing someone's pseudonym? Does
> pseudonym's owner have control over what actions are available on
> use of this identity?
> 
> It seems to me these are interesting cases to consider for
> distributed/federated identity. If all this has been worked out,
> please point me to that. I'd be interested.

Hi Rich,

Interesting questions! Maybe the best way to delimit what can be done
with a pseudonym is to describe how they're implemented.

A pseudonym consists of a name and a public key; the pseudonym's
creator holds the corresponding private key. When a message is posted
to a discussion group it can be signed with a pseudonym or it can be
unsigned and anonymous. Signatures are not deniable or repudiable.

People subscribe to discussion groups rather than pseudonyms. Anyone
can create a discussion group. Each group spreads through the social
network by invitation - any subscriber can make the group visible to
some or all of her contacts, who can then subscribe. When a message is
posted to a group, it's forwarded to all subscribers. A subscriber
receiving a message doesn't know a priori whether the message was
written by someone she knows or someone further away in the social
network.

There are two kinds of group: restricted and unrestricted. An
unrestricted group is identified by its name; any subscriber can post
messages to the group.

A restricted group is identified by its name and a public key; only
people who hold the corresponding private key can post messages to the
group. Restricted groups function a bit like blogs, with one or more
authors broadcasting messages to the subscribers. If a restricted
group has a single author who always posts with the same pseudonym
then subscribing to the group is similar to following that pseudonym.

Discussions within each group are threaded - if a message replies to a
previous message, it includes the previous message's unique ID. Each
message also includes the unique ID of the group to which it was
posted. The signature covers both those headers, so a signed message
can't be surreptitiously reposted to a different group or a different
context within the same group without invalidating the signature.

It is possible, however, to repost a message (pseudonym, headers,
signature and all) inside the body of another message. Anyone
receiving that message will be able to tell that it's been reposted,
and the signature on the reposted message will still be valid.

Cheers,
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJQ8VUOAAoJEBEET9GfxSfMG+IH/0tDQiWvpYve2OwAaQqK4rvG
Q7q8CwXazybSzhjc8zJqj/ZeNpiQpRMXP/ElFL5jfkBkXp1z4f36R8ZkpGNq4JlN
Kvfaq5PRpu53VGFejnPQc1faAhoxKhrQ++Waiu0KINR15DXEh0dyTjZ2Ui1WgdLx
JAFLgjo4eKhgs2gzpVutaQtPYCjEW6ItbGasP9ZfZVvl6nGlaMtj++spfH+TQ+Wt
pxwwRIEgQrK3Wyv206w+Iu2GJXzptK1rbtvnU9XhQYOvgCjQQ5ni5Nc7W6Te1mXw
vDLFWeIErbALLuY++q36rCUNWZOlq22ivXgrgXL1SAEu9AvhKnNC3r3hmW5OkTU=
=oqjW
-----END PGP SIGNATURE-----