On Tue, Jun 11, 2013 at 1:09 PM, Bruno Gonzalez (aka stenyak) <sten...@gmail.com> wrote:
> On Tue, Jun 11, 2013 at 9:38 PM, Joseph Gentle <jose...@gmail.com> wrote:
>> Secondly, we won't tie your identity to the IP of the computer you're
>> on - your identity doesn't change when you move between devices or
>> when your computer's IP changes. We probably want some method of
>> signing / encryption where your local node stores your private key so
>> other peers can verify the authenticity of your operations.
>>
>
> This would be equivalent to commit signing in git, where you simply carry
> your private key, and sign whatever comes out of your computer, right?
> So in order to add a user to a wave, you would add his public key instead
> of an email-like address, and then only owners of the private key (namely,
> the user himself) can send wave operations.
Yeah exactly. In the wake of the PRISM stuff, I'm also wondering how hard
it would be to leave data encrypted on the server as well. One way to do
that would be to generate a single symmetric key for the whole wave. The
wave would store an encrypted copy of that key for every participant,
encrypted with the user's public key.

>> > Is it possible to use this "something else" (both the certificate
>> > alternative, and the domain alternative) for federation in current WiaB,
>> > and if so, is there any reason (other than lack of resources) for not
>> > having it in WiaB already?
>>
>> Personally, I'm a big fan of mozilla persona for WIAB. That would
>> remove heaps of the sign in flow and remove the need to store user
>> accounts.
>> http://www.mozilla.org/en-US/persona/
>>
>
> I usually use OpenID (with my own openid server), but of course this
> requires a server to begin with. I understand Persona removes that need,
> which is why it would be preferable?

Persona is way simpler & easier to implement than openid, it's not based
on old protocols and most importantly, you don't need your users to
memorize an identity URL. The whole 'pick your provider from this giant
array of icons' is awful. In comparison, my mum can use persona just
fine. Everyone understands 'Login with your email'.

> I'm not sure if this is on a separate plane to the keypair stuff (they
> solve unrelated things, both of which would be necessary), or if it's an
> alternative/replacement method, or if persona can somehow use a key pair
> under the hood.

Nah, persona just gives your site an authenticated user email address.
Managing their key pair is a separate problem.

-J

>
> --
> Saludos,
>   Bruno González
>
> _______________________________________________
> Jabber: stenyak AT gmail.com
> http://www.stenyak.com