domob wrote:Not sure I understand your proposal correctly, so sorry if my reply misses your points. Do you mean that verification should find the namecoin identity name automatically based on associated XMPP accounts? This seems like an interesting idea, although I wouldn't want to "rely" on it. How do you prevent someone to create a fake name containing your XMPP address and the attacker's fingerprints? To be safe, I have to be sure you are indeed the owner of the namecoin identity I use for verification anyway - thus for now my plan is to simply allow to manually enter a namecoin identity name and have Pidgin verify the claimed fingerprint against the one stored with it.
You probably studied deeper this issue and your original idea is excellent.
I just gave some ideas. If you intend to realize it your solution would be also excellent and would help a lot.
May be I didn't understood all aspect but I cannot see why would be introducing the XMPP address less secure than introducing the Namecoin ID.
As you already stated you need to use a reliable source - the owner should be verified.
If he is not verified then both method are compromised in the same extent.
Let's say somebody is asserting on the IRC channel he is a Bitcoin developer and he is revealing his fake Namecoin ID.
Some could think because he has a Namecoin ID he is verified, but he needs just 0.02 namecoins to make an ID.
Then some will introduce in pidgin his Namecoin ID and will be found based on it his associated XMPP address.
He could ask for some donations or give some false news which would influence the Bitcoin courses.