Changing id spec

[jprider63]

I've been thinking about the id/ namespace, but I don't think it offers what I'm looking for. I want a way to create an online identity where (most of) the data is verified and agreed upon by the network. The current id namespace doesn't fulfill this because it allows email and xmpp addresses. Any user can then pretend to be someone else by changing their associated email/xmpp address.

Perhaps one exception to this is that namecoin/bitcoin addresses are probably ok. If someone puts an incorrect wallet address, they would just lose coins sent to them.

I also think it would be useful to include a field for the user's master pgp public key.

It seems like id/ is already well established so maybe I'll just start a new namespace. Does anyone have any thoughts?

[phelix]

With verification I see mostly two roads: certificate authorities and web of trust. I sure would like to see a Namecoin based wot.

[biolizard89]

I've been thinking about the id/ namespace, but I don't think it offers what I'm looking for. I want a way to create an online identity where (most of) the data is verified and agreed upon by the network. The current id namespace doesn't fulfill this because it allows email and xmpp addresses. Any user can then pretend to be someone else by changing their associated email/xmpp address.

Perhaps one exception to this is that namecoin/bitcoin addresses are probably ok. If someone puts an incorrect wallet address, they would just lose coins sent to them.

I also think it would be useful to include a field for the user's master pgp public key.

It seems like id/ is already well established so maybe I'll just start a new namespace. Does anyone have any thoughts?

Anyone who's using non-authenticated e-mail or XMPP for something mission-critical is an idiot. There simply is no decentralized way to verify that a user controls an e-mail or XMPP address.

Is there a way to sign a message with Bitmessage and output the signature to a file? It sounds doable to sign a Namecoin name with Bitmessage, and place that signature in that name's value.

[jprider63]

With verification I see mostly two roads: certificate authorities and web of trust. I sure would like to see a Namecoin based wot.

Yes, it definitely sounds like I want something similar to a wot. I've been thinking about how this namespace would be defined. Perhaps I'll post the spec to the wiki once I flesh it out a little.

Anyone who's using non-authenticated e-mail or XMPP for something mission-critical is an idiot. There simply is no decentralized way to verify that a user controls an e-mail or XMPP address.

Exactly. That's why I'm proposing email/xmpp not be included in this verified namespace.

Is there a way to sign a message with Bitmessage and output the signature to a file? It sounds doable to sign a Namecoin name with Bitmessage, and place that signature in that name's value.

I honestly don't know much about bitmessage. Is it a way to send files/messages in a decentralized manner?

[biolizard89]

With verification I see mostly two roads: certificate authorities and web of trust. I sure would like to see a Namecoin based wot.

Yes, it definitely sounds like I want something similar to a wot. I've been thinking about how this namespace would be defined. Perhaps I'll post the spec to the wiki once I flesh it out a little.

Anyone who's using non-authenticated e-mail or XMPP for something mission-critical is an idiot. There simply is no decentralized way to verify that a user controls an e-mail or XMPP address.

Exactly. That's why I'm proposing email/xmpp not be included in this verified namespace.

E-mail and XMPP are still secure when used under certain circumstances. For example: I prove to you that I possess an id/ name (I could sign a message with it, or maybe you already trust me to tell the truth), and you later want to contact me via e-mail or XMPP. Assuming that I provide a GPG key or an OTR fingerprint along with my e-mail or XMPP address in the id/ name, you can securely contact me.

Is there a way to sign a message with Bitmessage and output the signature to a file? It sounds doable to sign a Namecoin name with Bitmessage, and place that signature in that name's value.

I honestly don't know much about bitmessage. Is it a way to send files/messages in a decentralized manner?

Yeah, Bitmessage is basically a decentralized, encrypted, signed, somewhat-spam-resistant alternative to e-mail.

[jprider63]

E-mail and XMPP are still secure when used under certain circumstances. For example: I prove to you that I possess an id/ name (I could sign a message with it, or maybe you already trust me to tell the truth), and you later want to contact me via e-mail or XMPP. Assuming that I provide a GPG key or an OTR fingerprint along with my e-mail or XMPP address in the id/ name, you can securely contact me.

My goal for the namespace is to be completely trusted as verified. An email could be considered as a real world "id". If I know your email address and search the network for it, it is possible to find someone else's /id who is pretending to be you. From this perspective, /id is no better than the gpg key servers.

I do have ideas of how to map emails to id/, but it would require trusting the dns record and modifying d/.

Yeah, Bitmessage is basically a decentralized, encrypted, signed, somewhat-spam-resistant alternative to e-mail.

Interesting, I'll have to look into this more.

[biolizard89]

E-mail and XMPP are still secure when used under certain circumstances. For example: I prove to you that I possess an id/ name (I could sign a message with it, or maybe you already trust me to tell the truth), and you later want to contact me via e-mail or XMPP. Assuming that I provide a GPG key or an OTR fingerprint along with my e-mail or XMPP address in the id/ name, you can securely contact me.

My goal for the namespace is to be completely trusted as verified. An email could be considered as a real world "id". If I know your email address and search the network for it, it is possible to find someone else's /id who is pretending to be you. From this perspective, /id is no better than the gpg key servers.

I do have ideas of how to map emails to id/, but it would require trusting the dns record and modifying d/.

Are you seriously suggesting creating a new namespace just because id/ is a superset of what you need? If you don't want to trust the email field of an id/ name, then don't trust it. There's no need to make a new namespace.

I believe the d/ namespace already supports listing contact information; it would be reasonable to link it to an id/ field.

[wpk]

My goal for the namespace is to be completely trusted as verified. An email could be considered as a real world "id". If I know your email address and search the network for it, it is possible to find someone else's /id who is pretending to be you. From this perspective, /id is no better than the gpg key servers.

Every "id" is --by its purpose-- unique in its own domain: In the domain of email communication we call it an "email address". Within the email protocol all agents agree to deliver mail to my address only to me and nobody else. In the domain of the namecoin /id namespace the unique id is a "namecoin id". In a physical dictionary it is a "word".

Outside its domain it makes little sense to enforce uniqueness of the id: Like writing a book where you're only allowed to use each word just once.