[Freedombox-discuss] DHTs and Names

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Sep 2 08:39:04 UTC 2011


On 09/02/2011 04:15 AM, John Walsh wrote:
>>  0) a freedombox could be known by the fingerprint of its 
>> public key (non-human-readable, OpenPGP or some other 
>> fingerprinting standard)
> Agree. A couple of months ago I wouldn't have understood this sentence \0/
>>
>>  1) the freedombox itself could publish its own routing 
>> information (DNS records?  something else?), signed by its 
>> own public key so that it is clear (and verifiable) how to 
>> reach the machine at the moment.
> Same as 0.

not sure what you mean here -- are you saying that your response to this
point is the same as your response to point 1?  if you mean to imply
that these two points are the same as each other, i've miscommunicated
something; i think they're different.

>>  2) individual users could choose to publish (some of) their 
>> petname bindings in a way that is cryptographically 
>> verifiable, thereby creating third-party introductions with 
>> human-readable names.
> My understanding of this sentence is that you are effectively sharing your
> address book with a friend (third party). This sounds like a Facebook
> Friends list, 

Note that your "friends list" on facebook is entirely under the control
of a third party.  And once you navigate to a friend's page, you have no
explicit mechanism (other than your memory, which if you're like me is
pretty feeble) to give you a cryptographically-verifiable human-readable
name that describes your relationship to them.  You have facebook acting
as a trusted introducer (that is, the facebook website tells you which
third parties might connect the two of you); this puts facebook in an
unjustifiably-powerful position.

> which clicking on one of those friends links takes you to an
> unreadable url. 

or maybe the readable URL is masked or displayed as somehow subordinate
to your own petname for the person.  If we don't have a clear
human-readable way for people to relate to the data on their screen, we
*cannot* provide them with a usably-secure toolset.

If we're talking about modifying what's on their screen outside of the
URL itself, then we're talking about some sort of client software --
probably different from the software which runs on the freedombox itself.

> I do want to understand the problem, but I can't see the problem. What is it
> that I don't see?

I didn't mean to imply that there was a horrible problem with this
approach, only that no one has implemented anything like this (to my
knowledge) in a way that would be truly autonomous, with people in
control of their own relationships and communications.  :P

The sketch above was intended to be a hand-wavey idea about how we could
use human-readable names *without* having them be global/universal.

This has its limitations, including (for example) that you can no longer
comfortably/reliably jot down your address on a piece of paper to give
it to someone.  If we assume ubiquitous smartphone-with-camera and a
functional manus-vexo/monkeysign implementation, maybe this is an
acceptable tradeoff.  However, i know that some people (even on this
list!) still don't carry a smartphone.  Do we want to make it harder for
them to join this network in order to cut this gordian knot?  maybe
that's the tradeoff we need to make.

are there other things we lose by not having global human-memorable
identifiers?

	--dkg
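
The three points quoted in the message above (a box known by its key fingerprint, routing information signed by the box, and a petname binding published by a third party) can be chained into one lookup. The sketch below is an added example, not code from this thread or from the FreedomBox project. It assumes Ed25519 keys with a hex SHA-256 digest standing in for an OpenPGP fingerprint, a hypothetical `name=fingerprint` binding format, and constructed names and addresses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Signed is a published statement: payload, signer's public key, signature.
type Signed struct{ Payload string; Key ed25519.PublicKey; Sig []byte }

// Fingerprint stands in for an OpenPGP fingerprint (assumption: hex SHA-256 of the key).
func Fingerprint(k ed25519.PublicKey) string {
	h := sha256.Sum256(k)
	return hex.EncodeToString(h[:])
}

// Sign publishes payload under the public key that belongs to priv.
func Sign(priv ed25519.PrivateKey, payload string) Signed {
	return Signed{payload, priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, []byte(payload))}
}

// Verify reports whether s carries the key with fingerprint fpr and a valid signature by it.
func Verify(s Signed, fpr string) bool {
	return len(s.Key) == ed25519.PublicKeySize && Fingerprint(s.Key) == fpr &&
		ed25519.Verify(s.Key, []byte(s.Payload), s.Sig)
}

// Resolve follows a third-party introduction: the introducer (already known locally by
// introFpr) vouches for "name=fingerprint"; the box with that fingerprint signs its own route.
func Resolve(introFpr, name string, binding, route Signed) (string, error) {
	n, boxFpr, ok := strings.Cut(binding.Payload, "=")
	if !Verify(binding, introFpr) || !ok || n != name {
		return "", fmt.Errorf("no binding for %q signed by the introducer", name)
	}
	if !Verify(route, boxFpr) {
		return "", fmt.Errorf("routing record not signed by the key bound to %q", name)
	}
	return route.Payload, nil
}

func main() {
	_, alice, _ := ed25519.GenerateKey(nil) // constructed introducer key
	_, box, _ := ed25519.GenerateKey(nil)   // constructed freedombox key
	binding := Sign(alice, "bob="+Fingerprint(box.Public().(ed25519.PublicKey)))
	fmt.Println(Resolve(Fingerprint(binding.Key), "bob", binding, Sign(box, "192.0.2.7:443")))
}
```

A deployed record would also carry a validity period so stale routing information can be rejected, and a type tag so a routing record can never be replayed as a petname binding.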
