[Freedombox-discuss] FreedomBox 'bump/hi-five' challenge
Stefano Maffulli
stefano at maffulli.net
Fri Jun 24 18:49:36 UTC 2011
On Fri, 2011-06-24 at 01:25 -0700, John Gilmore wrote:
> In a decentralized network with cryptographic protection, each
> person's key should represent themself -- not their name, not their
> driver's license, not their address, not their passport.
I don't see myself spending time to verify the identity of "Chuck who I
always see in the library on Tuesdays" but I'm now convinced that it's
necessary to keep the possibility open.
I've rephrased the draft and put it on the wiki:
http://wiki.debian.org/FreedomBox/MobileKeyVerification
BTW @coiax put the first skeleton code of the Android app on gitorious
https://gitorious.org/manusvexo/manusvexo
> The implication for FreedomBox design is that a user's key should be
> transmitted WITHOUT further identifying information. Any identifiers
> for a received key should be provided by the receiving party.
If I understand correctly you want a scenario similar to:
Jane meets 'Chuck, the library guy', Chuck gives Jane a GPP UID
with no further data but an email (no name and comment). Jane
saves the GPG key in a vcard under the name 'Chuck the library
guy'.
Would this cover what you have in mind? The exchange of the key is
separate from saving the contact data, whose existence is not mandatory.
/stef
More information about the Freedombox-discuss
mailing list