I've been thinking about the id/ namespace, but I don't think it offers what I'm looking for. I want a way to create an online identity where (most of) the data is verified and agreed upon by the network. The current id namespace doesn't fulfill this because it allows email and xmpp addresses. Any user can then pretend to be someone else by changing their associated email/xmpp address.
Perhaps one exception to this is that namecoin/bitcoin addresses are probably ok. If someone puts an incorrect wallet address, they would just lose coins sent to them.
I also think it would be useful to include a field for the user's master pgp public key.
It seems like id/ is already well established so maybe I'll just start a new namespace. Does anyone have any thoughts?
Changing id spec
Re: Changing id spec
jprider63 wrote:
> I've been thinking about the id/ namespace, but I don't think it offers what I'm looking for. I want a way to create an online identity where (most of) the data is verified and agreed upon by the network. The current id namespace doesn't fulfill this because it allows email and xmpp addresses. Any user can then pretend to be someone else by changing their associated email/xmpp address.
> Perhaps one exception to this is that namecoin/bitcoin addresses are probably ok. If someone puts an incorrect wallet address, they would just lose coins sent to them.
> I also think it would be useful to include a field for the user's master pgp public key.
> It seems like id/ is already well established so maybe I'll just start a new namespace. Does anyone have any thoughts?
Anyone who's using non-authenticated e-mail or XMPP for something mission-critical is an idiot. There simply is no decentralized way to verify that a user controls an e-mail or XMPP address.
Is there a way to sign a message with Bitmessage and output the signature to a file? It sounds doable to sign a Namecoin name with Bitmessage, and place that signature in that name's value.
Re: Changing id spec
phelix wrote:
> With verification I see mostly two roads: certificate authorities and web of trust. I sure would like to see a Namecoin based wot.
Yes, it definitely sounds like I want something similar to a wot. I've been thinking about how this namespace would be defined. Perhaps I'll post the spec to the wiki once I flesh it out a little.
biolizard89 wrote:
> Anyone who's using non-authenticated e-mail or XMPP for something mission-critical is an idiot. There simply is no decentralized way to verify that a user controls an e-mail or XMPP address.
Exactly. That's why I'm proposing email/xmpp not be included in this verified namespace.
biolizard89 wrote:
> Is there a way to sign a message with Bitmessage and output the signature to a file? It sounds doable to sign a Namecoin name with Bitmessage, and place that signature in that name's value.
I honestly don't know much about bitmessage. Is it a way to send files/messages in a decentralized manner?
Re: Changing id spec
jprider63 wrote:
> phelix wrote:
> > With verification I see mostly two roads: certificate authorities and web of trust. I sure would like to see a Namecoin based wot.
> Yes, it definitely sounds like I want something similar to a wot. I've been thinking about how this namespace would be defined. Perhaps I'll post the spec to the wiki once I flesh it out a little.
> biolizard89 wrote:
> > Anyone who's using non-authenticated e-mail or XMPP for something mission-critical is an idiot. There simply is no decentralized way to verify that a user controls an e-mail or XMPP address.
> Exactly. That's why I'm proposing email/xmpp not be included in this verified namespace.
E-mail and XMPP are still secure when used under certain circumstances. For example: I prove to you that I possess an id/ name (I could sign a message with it, or maybe you already trust me to tell the truth), and you later want to contact me via e-mail or XMPP. Assuming that I provide a GPG key or an OTR fingerprint along with my e-mail or XMPP address in the id/ name, you can securely contact me.
> biolizard89 wrote:
> > Is there a way to sign a message with Bitmessage and output the signature to a file? It sounds doable to sign a Namecoin name with Bitmessage, and place that signature in that name's value.
> I honestly don't know much about bitmessage. Is it a way to send files/messages in a decentralized manner?
Yeah, Bitmessage is basically a decentralized, encrypted, signed, somewhat-spam-resistant alternative to e-mail.
Re: Changing id spec
biolizard89 wrote:
> E-mail and XMPP are still secure when used under certain circumstances. For example: I prove to you that I possess an id/ name (I could sign a message with it, or maybe you already trust me to tell the truth), and you later want to contact me via e-mail or XMPP. Assuming that I provide a GPG key or an OTR fingerprint along with my e-mail or XMPP address in the id/ name, you can securely contact me.
My goal for the namespace is to be completely trusted as verified. An email could be considered as a real world "id". If I know your email address and search the network for it, it is possible to find someone else's /id who is pretending to be you. From this perspective, /id is no better than the gpg key servers.
I do have ideas of how to map emails to id/, but it would require trusting the dns record and modifying d/.
biolizard89 wrote:
> Yeah, Bitmessage is basically a decentralized, encrypted, signed, somewhat-spam-resistant alternative to e-mail.
Interesting, I'll have to look into this more.
Re: Changing id spec
jprider63 wrote:
> biolizard89 wrote:
> > E-mail and XMPP are still secure when used under certain circumstances. For example: I prove to you that I possess an id/ name (I could sign a message with it, or maybe you already trust me to tell the truth), and you later want to contact me via e-mail or XMPP. Assuming that I provide a GPG key or an OTR fingerprint along with my e-mail or XMPP address in the id/ name, you can securely contact me.
> My goal for the namespace is to be completely trusted as verified. An email could be considered as a real world "id". If I know your email address and search the network for it, it is possible to find someone else's /id who is pretending to be you. From this perspective, /id is no better than the gpg key servers.
> I do have ideas of how to map emails to id/, but it would require trusting the dns record and modifying d/.
Are you seriously suggesting creating a new namespace just because id/ is a superset of what you need? If you don't want to trust the email field of an id/ name, then don't trust it. There's no need to make a new namespace.
I believe the d/ namespace already supports listing contact information; it would be reasonable to link it to an id/ field.
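The distinction argued over in the posts above, as an added example that is not part of the thread or of any Namecoin code: a wallet address only hurts its owner if wrong, an e-mail or XMPP address is usable when a key is published beside it under a name you already trust, and a search by e-mail returns every name that merely claims it. The field names (`email`, `xmpp`, `gpg`, `otr`, `bitcoin`, `namecoin`), the flat string values and the sample names are assumptions.

```python
import json

# Assumed field names, constructed for this example; the thread names the
# kinds of data (e-mail, XMPP, wallet addresses, GPG key, OTR fingerprint),
# not the keys an id/ value uses for them.
WALLET_FIELDS = ("bitcoin", "namecoin")
CONTACT_KEY = {"email": "gpg", "xmpp": "otr"}  # contact field -> key field

OWNER_RISK = "owner-asserted"      # a wrong value only costs the name's owner
KEY_BOUND = "key-bound"            # usable once messages are checked against the key
UNAUTHENTICATED = "unauthenticated"


def _fields(raw):
    """Parse an id/ value; anything that is not a JSON object yields {}."""
    try:
        value = json.loads(raw)
    except (TypeError, ValueError):
        return {}
    if not isinstance(value, dict):
        return {}
    return {k: v.strip() for k, v in value.items()
            if isinstance(v, str) and v.strip()}


def classify(raw):
    """Rate each field of an id/ value whose name the caller already trusts."""
    fields = _fields(raw)
    rating = {f: OWNER_RISK for f in WALLET_FIELDS if f in fields}
    for contact, key in CONTACT_KEY.items():
        if contact in fields:
            rating[contact] = KEY_BOUND if key in fields else UNAUTHENTICATED
    return rating


def names_claiming(email, names):
    """Reverse lookup: every name that lists this e-mail. A claim, not proof."""
    wanted = email.strip().lower()
    return sorted(n for n, raw in names.items()
                  if _fields(raw).get("email", "").lower() == wanted)


# Constructed sample data: two names publish the same address.
SAMPLE = {
    "id/alice": '{"email": "alice@example.org", "gpg": "<fingerprint placeholder>", "bitcoin": "<address placeholder>"}',
    "id/mallory": '{"email": "alice@example.org"}',
    "id/broken": "not json",
}
```

Starting from a trusted name, `classify` tells a client which fields to rely on; starting from an e-mail address, `names_claiming` returns both sample names, which is the impersonation case raised earlier in the thread.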
Re: Changing id spec
jprider63 wrote:
> My goal for the namespace is to be completely trusted as verified. An email could be considered as a real world "id". If I know your email address and search the network for it, it is possible to find someone else's /id who is pretending to be you. From this perspective, /id is no better than the gpg key servers.
Every "id" is --by its purpose-- unique in its own domain: In the domain of email communication we call it an "email address". Within the email protocol all agents agree to deliver mail to my address only to me and nobody else. In the domain of the namecoin /id namespace the unique id is a "namecoin id". In a physical dictionary it is a "word".
Outside its domain it makes little sense to enforce uniqueness of the id: Like writing a book where you're only allowed to use each word just once.