Hi all, I've been thinking about the problems involved in the initial setup of a Freedombox, particularly the challenge of finding your friends' Freedombox addresses. Has anyone else been through this already? I couldn't see anything which really spelled this out on the wiki.
I'm going through this because I can see how Freedombuddy can negotiate services once you know your friends' onion addresses, but I don't see how you find those in the first place. Normally I hate talking without any code to show for it, but I don't see any other way for this... other than coding away in secret, and it seems risky not to have any feedback at all.

So far, I've got the following workflow to aim for, which uses email contacts to bootstrap potential "friends".

Initialization:
===============

- User plugs in freedombox, and connects a network cable to their normal router
- User connects to e.g. "freedombox1234" wireless network (ESSID/WPA2 key set during installation and printed on the device?)
- User browses to web UI, which shows a login screen with a registration link.
- User chooses to register a new account.

Registration:
=============

- UI prompts user for a name, email address, Freedombox password
- UI asks user if they would like to create a GPG key, or use an existing one
- UI tries to figure out the host/port settings for their email address, and prompts the user if that fails
- UI prompts user for IMAP/SMTP credentials

At this point, the user has got a functioning web-based IMAP client, talking to their normal email address. Use cases involving automatically signing/encrypting outgoing mail become possible at this point.

Optionally they could set up a desktop mail client to talk to the Freedombox. I am not sure how this would work on laptops or phones which could be outside the home network, because we haven't yet solved the problem of exposing services on a public IP (have we?).

The Freedombox can now start syncing the account's email to the local device, and try to detect if any of the user's contacts have GPG keys (via email signatures, DNS lookups or the keyservers) - probably best to go over Tor for this bit.

Creating/importing a GPG key:
=============================

This next bit might be crazy - but could you encode the onion URL for the Freedombox's Freedombuddy Tor hidden service in a GPG uid? Probably as a dummy email address, e.g. "Freedombox <tim@example.onion>"

- A key is generated using the user's email address as the primary uid, OR the user provides an existing GPG key
- System asks user for permission to add a Freedombox uid to the key, encoding the onion URL that can be used to find this Freedombox on Tor.
- System asks user for permission to upload the key to the keyservers

Now, it would obviously not be obligatory for any individual to use this mechanism, but it would make discovering Freedombox addresses much easier. After all, the existence of a social networking profile is often public knowledge - but you need to be granted extra permissions by the owner in order to actually connect to it and see anything.

If the user doesn't want to make public the existence of their Freedombox, that's fine - they will just be less discoverable. We can still check for public Freedombox uids below.

Suggesting contacts:
====================

- System downloads an email contact's GPG key
- System checks for "Freedombox" in the GPG uids
- UI shows the user potential "friend" Freedomboxes
- User can select and add these people as contacts
- System connects to friendly Freedomboxes, to ask for permission to do more stuff, or to discover more services like XMPP ids.

I reckon that users should be able to have friends who are untrusted, i.e. we don't expect people to meet up and exchange key signatures before they can communicate, in the same way that you can "add" people on social networks without knowing it's actually a fake profile. UI to support the web of trust can come later.

Future extensions:
==================

- The model here is first to intercept rather than replace the user's existing email account. Complete replacement has to come later, after the challenges around potentially dynamic public IP addresses are resolved. Could we take the same approach with XMPP or other social networking accounts?
- How would services on public IPs be offered? (UPnP to punch through the router, and then Freedombuddy tells others about them?)
- Can we add a sharing model, where I grant my friends permission to share my Freedombox address with their friends? This would also greatly speed up discovery of other interesting Freedomboxes.

Note that I have not yet figured out how to implement any of the above!

--
Tim Retout <dioc...@debian.org>
_______________________________________________
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
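
The "Suggesting contacts" check proposed in the message above, sketched as an added example (not code from the original post or from any Freedombox component). It assumes the contact's key is listed in the GnuPG 2.x `--with-colons` format; the function names, the sample key, its fingerprints and the onion names are all constructed for illustration.

```python
import re
from email.utils import parseaddr

# An onion host is one base32 label: 16 characters (v2) or 56 (v3).
ONION_RE = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion$")

def unescape(field):
    """Undo gpg's \\xNN escaping (used for ':' and control bytes in uids)."""
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), field)

def freedombox_uids(colon_listing):
    """Return one dict per usable "Freedombox" uid in a --with-colons listing."""
    found, fpr, in_primary = [], None, False
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":                      # a new key starts here
            fpr, in_primary = None, True
        elif f[0] == "sub":                    # later fpr records belong to subkeys
            in_primary = False
        elif f[0] == "fpr" and in_primary and fpr is None and len(f) > 9:
            fpr = f[9]
        elif f[0] == "uid" and len(f) > 9:
            if f[1] in ("r", "e", "i"):        # revoked, expired or invalid uid
                continue
            name, addr = parseaddr(unescape(f[9]))
            local, _, host = addr.rpartition("@")
            if name == "Freedombox" and local and ONION_RE.match(host.lower()):
                # The uid is only a claim by the key holder; validity "-" means
                # unknown, so the UI should present the contact as unverified.
                found.append({"fingerprint": fpr, "onion": host.lower(),
                              "validity": f[1]})
    return found

# Constructed sample listing (hypothetical key, fingerprints and onion names).
SAMPLE = "\n".join([
    "pub:-:2048:1:0123456789ABCDEF:1356998400:::-:::scESC:",
    "fpr:::::::::00112233445566778899AABBCCDDEEFF01234567:",
    "uid:-::::1356998400::AAAA::Tim Example <tim@example.org>:",
    "uid:-::::1356998400::BBBB::Freedombox <tim@abcdefghijklmnop.onion>:",
    "uid:r::::1356998400::CCCC::Freedombox <tim@qrstuvwxyz234567.onion>:",
    "uid:-::::1356998400::DDDD::Freedombox <tim@example.onion>:",
    "sub:-:2048:1:FEDCBA9876543210:1356998400::::::e:",
    "fpr:::::::::FFEEDDCCBBAA99887766554433221100FEDCBA98:",
])

if __name__ == "__main__":
    for hit in freedombox_uids(SAMPLE):
        print(hit)
```

Only the second uid is returned: the revoked uid is skipped, and `example.onion` is rejected because it is not a well-formed onion label.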