[Freedombox-discuss] DHTs and Names

Bjarni Rúnar Einarsson bre at pagekite.net
Sat Sep 3 08:57:46 UTC 2011


On Thu, Sep 1, 2011 at 1:03 PM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> On 09/01/2011 02:09 AM, John Walsh wrote:
>> Do you think human readable names are important to FBX?
>
> Yes, undoubtedly; we want the tools produced by this project to be
> usable by humans.

I also think they are important, but it would be nice to have a system
that could function without them.  I like your proposal because it has
exactly this quality.


>  0) a freedombox could be known by the fingerprint of its public key
> (non-human-readable, OpenPGP or some other fingerprinting standard)

I would rephrase this to say that an OpenPGP fingerprint would be the
globally unique identifier for one of the identities associated with a
FreedomBox. :-)  Simply because the box might have more than one user.


>  1) the freedombox itself could publish its own routing information (DNS
> records?  something else?), signed by its own public key so that it is
> clear (and verifiable) how to reach the machine at the moment.

I think this is a really powerful idea and think generally it would
make sense to use OpenPGP to "claim" or "verify" a set of URIs.  One
should also be able to claim a self-signed SSL certificate, for
compatibility with the web.

A URI can represent anything from a web page with a .onion to an SMTP
e-mail address, so simply providing a list of URIs and signing that to
state 'these are me' works just fine.

When claiming, the signed ID document would assert: "this URI is a way
to reach this content of mine, until time X".

It would be very important (for avoiding censorship) to have the
ability to assert that multiple URIs all represent the same thing;
thus I could publish the assertion that my personal website is at the
following locations, in order of preference:

    https://123412341243.onion/*
    https://1.2.3.4/*
    https://bjarni.pagekite.me/*
    http://bjarni.pagekite.me/*

Publishing this in a machine-readable, signed way, means that a
browser (possibly with the help of a plug-in or external proxy) could
recognize that these are all the same thing, and when the user clicks
on a link to one, it would under-the-hood switch and choose the most
secure available path - automatically upgrading an insecure link to
http://bjarni.pagekite.me/ to an HTTPS-secured link to a Tor hidden
service whenever possible.  Similarly, if a connection fails to the
preferred URI, it could fall back to a lower priority one, thus
transparently avoiding censorship and routing around other network
damage.

Note that this scheme allows us to use old fashioned DNS names and
URLs and stay backwards compatible with today's web, but resists
censorship by providing known alternate routes to FreedomBox if the
public infrastructure is tampered with (we would also need a way to
detect tampering, but SSL may suffice for that).

...

When verifying, the signed ID document would assert: "this URI had
this content at this time"

The latter might be useful for establishing a web of trust for certain
(static) web pages, for example if I use my FreedomBox to author a
blog which is then remotely published to an insecure blog host, my ID
document could allow people to verify that the content has not been
tampered with.

>  2) individual users could choose to publish (some of) their petname
> bindings in a way that is cryptographically verifiable, thereby creating
> third-party introductions with human-readable names.

Also, when importing these OpenPGP identity documents, they could
themselves *suggest* a petname for each set of URIs and when there is
a clash it could be locally resolved automatically.

I really think something like this is the right way to go.

-- 
Bjarni R. Einarsson
Founder, lead developer of PageKite.

Make localhost servers visible to the world: http://pagekite.net/
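The claim-and-rewrite flow described in the mail, as an added example in Go that is not code from the mail or the FreedomBox project: the JSON layout of the identity document, the Ed25519 signature standing in for the OpenPGP one, the `reachable()` probe and the sample URIs are all assumptions. A signed list of URI patterns in preference order is verified (signature and "until time X"), and a clicked link under one of the claimed patterns is rewritten to the most preferred route that is reachable, which upgrades plain http to the .onion/HTTPS route and falls back when a route is blocked.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

// IDDoc: URI patterns ("*" wildcard) in preference order, valid until Expires (the mail's "time X").
type IDDoc struct {
	URIs    []string  `json:"uris"`
	Expires time.Time `json:"expires"`
}

// Sign signs exactly the bytes that get published (Ed25519 stands in for OpenPGP here).
func Sign(doc IDDoc, priv ed25519.PrivateKey) (body, sig []byte, err error) {
	if body, err = json.Marshal(doc); err != nil {
		return nil, nil, err
	}
	return body, ed25519.Sign(priv, body), nil
}

// Verify trusts the URI list only if the signature checks and time X has not passed.
func Verify(body, sig []byte, pub ed25519.PublicKey, now time.Time) (doc IDDoc, err error) {
	if !ed25519.Verify(pub, body, sig) {
		return doc, errors.New("signature does not verify")
	}
	if err = json.Unmarshal(body, &doc); err != nil || !now.Before(doc.Expires) {
		return IDDoc{}, errors.New("identity document malformed or expired")
	}
	return doc, nil
}

// Rewrite is the browser/proxy step: a link under a claimed pattern is sent to
// the most preferred pattern reachable() accepts (upgrade), else the next (fallback).
func Rewrite(doc IDDoc, link string, reachable func(string) bool) (string, error) {
	for _, p := range doc.URIs {
		if base := strings.TrimSuffix(p, "*"); strings.HasPrefix(link, base) {
			path := strings.TrimPrefix(link, base)
			for _, q := range doc.URIs { // preference order doubles as fallback order
				if b := strings.TrimSuffix(q, "*"); reachable(b) {
					return b + path, nil
				}
			}
			return "", errors.New("no claimed route reachable")
		}
	}
	return link, nil // not one of the claimed URIs: leave it alone
}
```

A real client would replace the probe with an actual connection attempt, and a tampered or expired document must be rejected before any rewrite is performed.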
