On Thu, Jan 10, 2013 at 6:49 PM, Sean Lynch <seanl@literati.org> wrote:
Hi, folks. I'm sure similar ideas to this have been discussed on this list before, but I wanted to talk about an application that's been living in my head for years and that I keep working on in fits and starts, in the hopes that either someone will "steal" the idea or decide to work on it with me to keep me motivated even when the goal seems so far away.
For what it's worth, this sounds an awfully lot like what I have envisioned for the Cryptosphere: https://github.com/tarcieri/cryptosphere Contacts would be identified by their (Ed25519) public key. When you add
someone, you just paste their public key and type a "pet name" for them, which is what would be shown in your contact list.
Really close to what I had in mind, and I plan on using Ed25519. This is actually an approach that forces you to do more than take a fleeing glance at a given user's public key thumbprint/ID and I feel that's missing from many similar systems (e.g. OTR)
People could also associate various metadata with their public key in a very similar way to how they do with PGP keys: with metadata packets signed by themselves and other people, thus establishing a web of trust that would enable search, the same way we can reliably search for PGP keys but with an easier-to-use interface that will always show someone's relationship to your current trusted contacts.
My goal was to collect metadata about content transfers in the system by having all participants in file transfers sign a client-specific long chain which serves as a record of who has transferred what. Through the course of normal system operation any given peer will collect a number of these long chains, which can be run through a collaborative filtering algorithm (e.g. singular value decomposition) in order to make an educated guess about the properties of peers you've never interacted with based on their collective similarity to peers you have interacted with directly. Here are some possible implementation strategies. The only one I've made
any progress on so far is uTP:
1. uTP with our own DHT implementation for bootstrapping, lookup, and storage of published stuff
My plan was to use CurveCP with the Ed25519 private scalar as the CurveCP private key. This allows you to set up secure channels which are based on the same identities as the other signatures in the system. CurveCP presently has some issues with embedding and congestion control but I hope if people actually start using it these problems will get resolved. I guess you could call this a p2p, pseudonymous version of Facebook,
with all the same functionality and none of the privacy problems because privacy would always be defined by encryption. If you want something public, you post it in the clear. If you want something seen by only your friends, you encrypt the encryption key with each of their curve25519 keys.
A crypto capability-based access control scheme comes to mind here. -- Tony Arcieri _______________________________________________ p2p-hackers mailing list p2p-hackers@lists.zooko.com http://lists.zooko.com/mailman/listinfo/p2p-hackers ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE