[Freedombox-discuss] FreedomBox 'bump/hi-five' challenge

John Gilmore gnu at toad.com
Fri Jun 24 08:25:23 UTC 2011

> > The updated status of 'we met, we have noted each other's
> > identity, we like each other' can be then transmitted [...]
> I think it is a mistake to mix "we like each other" into the identity
> verification process here.
> The crucial thing is to verify *identity*.  If i meet someone who i
> don't like, as long as i'm sure of who they are, i should be able to use
> the same process.

I would go further.  I wouldn't even tie the person to some kind
of global identity, government ID, or "verification".

In a decentralized network with cryptographic protection, each
person's key should represent themself -- not their name, not their
driver's license, not their address, not their passport.  They can be
"Uncle Charlie" in one person's freedombox, and "Charles Knox, Esq."
in another's.  In a third freedombox, the key could represent "Guy I
met at fish dinner with JoAnn, March 2011".  Or "Chuck who I always
see in the library on Tuesdays".

The implication for FreedomBox design is that a user's key should be
transmitted WITHOUT further identifying information.  Any identifiers
for a received key should be provided by the receiving party.

Not automatically tying a key to a self-claimed identity, nor a
government-issued identity, nor even a photo, will help freedom
fighters stay free when the government grabs somebody and tries to
find all their collaborators.  And I think it simplifies the security
model, while still providing what our applications need, which is a
way to identify someone at a distance [over the network] as a
particular person who we have interacted with before.

Of course, people are free to snap a photo, with permission, when
exchanging keys; or to photograph the other person's business card
or vCard, or type in a full name.  Or even a driver's license number.
But this shouldn't be required, and I don't even think it should be 
the default.

This concept is only a few weeks old; I could've missed some big
reasons not to do it this way.  


More information about the Freedombox-discuss mailing list