[Freedombox-discuss] Bootstrapping a Freedombox contact list

Tim Retout diocles at debian.org
Wed Nov 20 22:45:10 UTC 2013


Hi all,

I've been thinking about the problems involved in the initial setup of a
Freedombox, particularly the challenge of finding your friends'
Freedombox addresses.  Has anyone else been through this already?  I
couldn't see anything which really spelled this out on the wiki.

I'm going through this because I can see how Freedombuddy can negotiate
services once you know your friends' onion addresses, but I don't see
how you find those in the first place.

Normally I hate talking without any code to show for it, but I don't see
any other way for this... other than coding away in secret, and it seems
risky not to have any feedback at all.

So far, I've got the following workflow to aim for, which uses email
contacts to bootstrap potential "friends".

Initialization:
===============
- User plugs in freedombox, and connects a network cable to their normal
router
- User connects to e.g. "freedombox1234" wireless network (ESSID/WPA2
key set during installation and printed on the device?)
- User browses to web UI, which shows a login screen with a registration
link.
- User chooses to register a new account.

Registration:
=============
- UI prompts user for a name, email address, Freedombox password
- UI asks user if they would like to create a GPG key, or use an
existing one
- UI tries to figure out the host/port settings for their email address,
and prompts the user if that fails
- UI prompts user for IMAP/SMTP credentials

At this point, the user has got a functioning web-based IMAP client,
talking to their normal email address.  Use cases involving
automatically signing/encrypting outgoing mail become possible at this
point.

Optionally they could set up a desktop mail client to talk to the
Freedombox.  I am not sure how this would work on laptops or phones
which could be outside the home network, because we haven't yet solved
the problem of exposing services on a public IP (have we?).

The Freedombox can now start syncing the account's email to the local
device, and try to detect if any of the user's contacts have GPG keys
(via email signatures, DNS lookups or the keyservers) - probably best to
go over Tor for this bit.

Creating/importing a GPG key:
=============================
This next bit might be crazy - but could you encode the onion URL for
the Freedombox's Freedombuddy Tor hidden service in a GPG uid?  Probably
as a dummy email address, e.g. "Freedombox <tim at example.onion>"

- A key is generated using the user's email address as the primary uid,
OR the user provides an existing GPG key
- System asks user for permission to add a Freedombox uid to the key,
encoding the onion URL that can be used to find this Freedombox on Tor.
- System asks user for permission to upload the key to the keyservers

Now, it would obviously not be obligatory for any individual to use this
mechanism, but it would make discovering Freedombox addresses much
easier.  After all, the existence of a social networking profile is
often public knowledge - but you need to be granted extra permissions by
the owner in order to actually connect to it and see anything.

If the user doesn't want to make public the existence of their
Freedombox, that's fine - they will just be less discoverable.  We can
still check for public Freedombox uids below.

Suggesting contacts:
====================
- System downloads an email contact's GPG key
- System checks for "Freedombox" in the GPG uids
- UI shows the user potential "friend" Freedomboxes
- User can select and add these people as contacts
- System connects to friendly Freedomboxes, to ask for permission to do
more stuff, or to discover more services like XMPP ids.

I reckon that users should be able to have friends who are untrusted,
i.e. we don't expect people to meet up and exchange key signatures
before they can communicate, in the same way that you can "add" people
on social networks without knowing it's actually a fake profile.  UI to
support the web of trust can come later.
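As an added illustration (not code from the post or the Freedombox project) of the "Freedombox" uid convention proposed under "Creating/importing a GPG key" and the matching step in "Suggesting contacts", the following parses the real `gpg --with-colons --list-keys` record format, pulls the onion hostname out of any uid of the form `Freedombox <x@y.onion>`, and returns it together with the key's primary fingerprint and validity so the caller can treat the address with exactly the trust it has in the key. The uid name "Freedombox", the sample key listing and the onion label are constructed assumptions.

```python
import re

# gpg --with-colons layout (constructed sample below): colon-separated fields,
# field 1 = record type, field 2 = validity, field 10 = user ID (uid records)
# or fingerprint (fpr records). Onion labels: v2 is 16 base32 chars, v3 is 56.
ONION_RE = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})$")
UID_RE = re.compile(r"^(?P<name>[^<(]+?)\s*(?:\((?P<comment>[^)]*)\))?\s*<(?P<email>[^>]+)>$")

def onion_from_uid(uid):
    """Return the onion hostname if uid is a 'Freedombox <x@y.onion>' marker, else None."""
    m = UID_RE.match(uid.strip())
    if not m or m.group("name").strip() != "Freedombox":
        return None
    _local, sep, host = m.group("email").strip().lower().rpartition("@")
    if not sep or not host.endswith(".onion"):
        return None
    label = host[: -len(".onion")]
    # Reject malformed labels so a crafted uid cannot smuggle an arbitrary host in.
    return host if ONION_RE.match(label) else None

def freedombox_uids(colon_output):
    """Scan `gpg --with-colons` output; return [(fingerprint, onion, validity)].
    The uid is only a self-asserted claim, so the primary-key fingerprint is
    returned with it: the address deserves exactly as much trust as the key."""
    found, fpr = [], None
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            fpr = None                  # new key: forget the previous fingerprint
        elif f[0] == "fpr" and fpr is None and len(f) > 9:
            fpr = f[9]                  # primary key's fingerprint, not a subkey's
        elif f[0] == "uid" and len(f) > 9:
            onion = onion_from_uid(f[9])
            if onion:
                found.append((fpr, onion, f[1]))
    return found

# Constructed sample of `gpg --with-colons --list-keys` output for one contact.
SAMPLE = """\
pub:-:2048:1:0123456789ABCDEF:1384990000:::-:::scESC:
fpr:::::::::AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555:
uid:-::::1384990000::HASH1::Tim Example <tim@example.org>:
uid:-::::1384990000::HASH2::Freedombox <tim@abcdefghijklmnop.onion>:
sub:-:2048:1:FEDCBA9876543210:1384990000::::::e:
fpr:::::::::9999888877776666555544443333222211110000:
"""

if __name__ == "__main__":
    for fingerprint, onion, validity in freedombox_uids(SAMPLE):
        print(fingerprint, onion, "validity=" + validity)
```

A key fetched from a keyserver can carry any uid the uploader chose, so the validity field ("-" here, meaning unknown) is the signal that this is an untrusted friend in the sense described above.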

Future extensions:
==================
- The model here is first to intercept rather than replace the user's
existing email account.  Complete replacement has to come later, after
the challenges around potentially dynamic public IP addresses are
resolved.  Could we take the same approach with XMPP or other social
networking accounts?
- How would services on public IPs be offered? (UPnP to punch through
the router, and then Freedombuddy tells others about them?)
- Can we add a sharing model, where I grant my friends permission to
share my Freedombox address with their friends?  This would also greatly
speed up discovery of other interesting Freedomboxes.

Note that I have not yet figured out how to implement any of the above!

-- 
Tim Retout <diocles at debian.org>