Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • May 05 08:08
    coveralls commented #205
  • May 05 08:08
    coveralls commented #205
  • May 05 08:07
    coveralls commented #205
  • May 05 08:07
    coveralls commented #205
  • May 05 08:04
    sonarcloud[bot] commented #205
  • May 05 08:04
    sonarcloud[bot] commented #205
  • May 05 08:03
    jaytaph synchronize #205
  • May 05 08:03

    jaytaph on symlink

    moved ed25519->x25519 to outsid… (compare)

  • May 05 06:00
    jaytaph commented #197
  • May 05 06:00
    jaytaph commented #197
  • May 05 06:00
    jaytaph commented #197
  • May 05 06:00
    jaytaph commented #197
  • May 04 14:43
    jaytaph commented #197
  • May 04 10:59
    coveralls commented #205
  • May 04 10:59
    coveralls commented #205
  • May 04 10:59
    coveralls commented #205
  • May 04 10:58
    coveralls commented #205
  • May 04 10:56
    coveralls commented #205
  • May 04 10:56
    coveralls commented #205
  • May 04 10:56
    coveralls commented #205
Joshua Thijssen
@jaytaph
acalatrava
@acalatrava
You are right, we need to have the Infra working and we need to do some changes to crypto too. I’ll try to put everything on a doc today or tomorrow
acalatrava
@acalatrava
Can I create pages at the wiki?
Joshua Thijssen
@jaytaph
Not sure
Can give you access
i think you have now access
acalatrava
@acalatrava
I just saw the invitation. Nice! I’ll create a “proposal #2” document trying to explain everything
Joshua Thijssen
@jaytaph
:thumbsup:
Joshua Thijssen
@jaytaph
morning!
acalatrava
@acalatrava
morning!
I've been thinking all night about organizations and it's not easy........
I'll write the doc now
Joshua Thijssen
@jaytaph
:-)
Joshua Thijssen
@jaytaph
ok.. i've read the proposal
i think there is not a lot of differences... but i really want to try to make the domain part not public info..
acalatrava
@acalatrava
yep... that's the main problem
but as much as I think about it I don't find a solution
Joshua Thijssen
@jaytaph
there are a few actors who need to know / verify domain info:
  • sender of an email (does it?)
  • key-server when an address (with or without organisation part) is added/modified
and the recipient of a message
acalatrava
@acalatrava
if the information is not public there is no way to verify the organisation
I mean, I could be the first to register apple.com
and that way there would be a black market? to sell the "domain" to apple...
Joshua Thijssen
@jaytaph
isn't this the same as with twitter?
what keeps somebody from registering: @apple ?
acalatrava
@acalatrava
yes... I guess
however Twitter have the verified accounts
where twitter verify somehow that the account is verified and they do that using a manual? process
we can't do that as the system needs to be totally open
I don't like leveraging the verification to DNS either, but I don't find another solution
Joshua Thijssen
@jaytaph
yes.. but suppose i have the organisation @apple!, and we could link this with apple.com (through DNS).. but it could also be verified by apple.io for instance
in an open system.. i don't think there isn't much else than first come, first served?
acalatrava
@acalatrava
it doesn't matter, the client will check the signature and it will show a organisation field with "apple.com" or "apple.io"
it doesn't matter if I register @apple! or @apple001!
in fact you don't register @apple!, you register your dns name
and link an address to your dns name
the address could be just john! or john@whatever!
in fact, now that I think of it we can get rid of the organisation database at all.... and do the organisation checking directly through dns
let me update the document
Joshua Thijssen
@jaytaph
i think i've opted the idea of connecting domain-names to organisations before, somewhere in the wiki... we can indeed use that for verification purposes (through the TXT record)...
let me think about this... maybe I can find some kind of middle ground here
acalatrava
@acalatrava
ok
Joshua Thijssen
@jaytaph
hmm..
I really think we don't need to leverage DNS..
acalatrava
@acalatrava
I'm all ears
it's not a lot different from the first proposal though... i've incorporated dns validation (the blue checkmark).. but i think this could work with just a little bit of information leakage (organisation hash for an account on the keyserver, and domain-name on organisation level)
btw.. I did send you a new message on bitmaelum.. did you already check it?
acalatrava
@acalatrava
I did'nt, let me check