[Freedombox-discuss] DHTs and Names

John Walsh fiftyfour at waldevin.com
Sat Sep 3 06:05:25 UTC 2011


Hi dkg, 

> > Same as 0.
> 
> not sure what you mean here -- are you saying that your 
> response to this point is the same as your response to point 
> 1 ?  if you mean to imply that these two points are the same 
> as each other, i've miscommunicated something; i think 
> they're different.
Sorry, should have said same response, i.e. I understand \0/
> 
> >>  2) individual users could choose to publish (some of) their petname
> >> bindings in a way that is cryptographically verifiable, thereby
> >> creating third-party introductions with human-readable names.
> > My understanding of this sentence is that you are effectively sharing
> > your address book with a friend (third party). This sounds like a
> > Facebook Friends list,
> 
> Note that your "friends list" on facebook is entirely under 
> the control of a third party.  And once you navigate to a 
> friend's page, you have no explicit mechanism (other than 
> your memory, which if you're like me is pretty feeble) to 
> give you a cryptographically-verifiable human-readable name 
> that describes your relationship to them.  You have facebook 
> acting as a trusted introducer (that is, the facebook website 
> tells you which third parties might connect the two of you); 
> this puts facebook in an unjustifiably-powerful position.
If I were to publish my Facebook Friends list, then a friend could be
introduced/friended to another friend through AFAIK the full control of
Facebook i.e. not some third party. I don't understand the point you are
making about a trusted introducer because for the FBX I will be swapping
Facebook for FBXF although FBX with signed certs will be more secure.

> 
> > which clicking on one of those friends links takes you to an 
> > unreadable url.
> 
> or maybe the readable URL is masked or displayed as somehow 
> subordinate to your own petname for the person.  If we don't 
> have a clear human-readable way for people to relate to the 
> data on their screen, we
> *cannot* provide them with a usably-secure toolset.
> 
> If we're talking about modifying what's on their screen 
> outside of the URL itself, then we're talking about some sort 
> of client software -- probably different from the software 
> which runs on the freedombox itself.
I understand now the importance of a secure human-readable name that lets people
relate to "the data on their screen". I was thinking we could use "subject
fields" in a cert to contain a human readable pseudonym (aka directory), and
the actual address would be non human-readable. So, (hand wavy idea) in the
Firefox address bar, the information identity/favourite icon would be human
readable while the actual address would be machine readable. The certificate
can be checked by clicking on identity/favourite icon. If the certificate is
not signed by FBXF then it will give the usual big warning message. Ideally,
for me the human readable name in the cert would be my DNS identity, i.e.
email address allowing people to uniquely identify me - I use email addresses
to find people on Facebook.

> 
> > I do want to understand the problem, but I can't see the problem. What
> > is it that I don't see?
> 
> I didn't mean to imply that there was a horrible problem with 
> this approach, only that no one has implemented anything like 
> this (to my
> knowledge) in a way that would be truly autonomous, with 
> people in control of their own relationships and communications.  :P
> 
> The sketch above was intended to be a hand-wavey idea about 
> how we could use human-readable names *without* having them 
> be global/universal.
> 
> This has its limitations, including (for example) that you 
> can no longer comfortably/reliably jot down your address on a 
> piece of paper to give it to someone.  If we assume 
> ubiquitous smartphone-with-camera and a functional 
> manus-vexo/monkeysign implementation, maybe this is an 
> acceptable tradeoff.  However, i know that some people (even on this
> list!) still don't carry a smartphone.  Do we want to make it 
> harder for them to join this network in order to cut this 
> gordian knot?  maybe that's the tradeoff we need to make.
The ability to jot down on a note is important because I don't have a
smartphone! :(

> 
> are there other things we lose by not having global 
> human-memorable identifiers?
I realise now that my proposal relies on the "constant co-existence" of DNS
for findability/human readable name and FBX scheme for a secure and
distributable system, thereby never allowing us to "cut the gordian knot"
from the DNS system. I did think that you could use a key server as a
directory, but then thought that a key server probably doesn't store a
cert's subject field details.

Still, I do think there is some merit in using my hand wavy idea until
Zooko's Triangle is solved, that is assuming you can swap in and out an FBX
naming scheme while still relying on DNS. Once you find an FBX naming scheme
that works, you can "cut the gordian knot" from the unique human readable
name of the DNS system \0/

Dkg, thanks for taking the time to shed light on where I was going wrong.
It's incredibly exhilarating learning about all this stuff - I haven't
pushed my brain this much in a while - Thank You. You never know, maybe
someday I will take a crack at this packaging stuff ;)

-- fiftyfour 

 




