<br><br><div class="gmail_quote">On 8 January 2013 14:43, Nick M. Daly <span dir="ltr"><<a href="mailto:nick.m.daly@gmail.com" target="_blank">nick.m.daly@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Spinning up a way-overdue discussion again. Sorry for the gravedigging,<br>
but this is good stuff.<br>
<div class="im"><br>
Melvin Carvalho writes:<br>
<br>
> On 1 November 2012 18:44, Nick M. Daly <<a href="mailto:nick.m.daly@gmail.com">nick.m.daly@gmail.com</a>> wrote:<br>
><br>
>> Melvin Carvalho <<a href="mailto:melvincarvalho@gmail.com">melvincarvalho@gmail.com</a>> writes:<br>
>><br>
>>> I think in the case of freedombox it would be desireable to have<br>
>>> not only a web identity but to tie it to GPG, which is something<br>
>>> I've already done some work on.<br>
>><br>
>> Would you mind describing that a bit? FBuddy [0] is designed to make<br>
>> (PGP-) signed/encrypted location statements available, over any service<br>
>> you're using.<br>
><br>
</div><div class="im">> Currently looking at 3 areas.<br>
><br>
> 1. Converting GPG keys with X.509 using bouncy castle (have some rough<br>
> code working)<br>
<br>
</div>Have you made any progress on this? How does this tie in with<br>
Monkeysphere? I thought they were working on something similar, but<br>
maybe I misunderstood.<br></blockquote><div><br>Hi Nick, thanks for bumping this thread.<br><br>It's surprisingly tricky to go from binary formats of GPG and X.509, but I've had some help from Daniel an others. Usual problem is lack of resources to write tooling.<br>
<br>Some template code is here.<br><br><a href="https://gist.github.com/1505613">https://gist.github.com/1505613</a><br> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im"><br>
> 3. Crypto in the browser, for use to encrypt/decrypt maybe sign etc (saw an<br>
> impressive demo from Mozilla last week)<br>
<br>
</div>Can you link to that demo?<br></blockquote><div><br>There's a big group working on this including mozilla and google<br><br><a href="http://www.w3.org/2012/webcrypto/">http://www.w3.org/2012/webcrypto/</a><br><br>
Best person to talk to is probably David Dahl, Mozilla Corporation <<a href="mailto:ddahl@mozilla.com">ddahl@mozilla.com</a>><br><br>I can follow up if we have some specific questions.<br> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im"><br>
> The general idea is to translate some of the features of GPG to the web<br>
> stack so it an be used for similar purposes in a web context<br>
><br>
> I took a quick look at giorious but if it wasnt that easy to work out all<br>
> the details in theory it would be nice to use the same master key in<br>
> different contexts, and provide methods to revoke etc.<br>
<br>
</div>Yes, ultimately I think we all have the goal of using the same PGP<br>
master key in more areas than it's being used now, however, I'm worried<br>
that this sort of thing could easily lead to metaphor shear between<br>
projects: where your PGP key means something significantly different<br>
between services. Those sorts of changes are going to happen between<br>
services, but as long as we end up agreeing that a key is used to<br>
identify a service provided by an identity, then I doubt it'll be a big<br>
deal.<br></blockquote><div><br>Very valid point. Bringing some of the goodness of GPG to the web, I think is a win win, and not terribly hard to achieve. <br> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<span class="HOEnZb"><font color="#888888"><br>
Nick<br>
</font></span></blockquote></div><br>