Hi all! As I understand it, the key ingredient into a secure encrypted messaging system is a trusted exchange of public keys. GPG and Enigmail solve this at the moment using a WoT with key signatures and manual fingerprint exchange and comparison.
I really believe that Namecoin [1] has the potential to improve this. If you have not yet heard about it, Namecoin is a system based on Bitcoins consensus technology that allows a secure, trusted and fully decentralised key-value storage. In particular, it can be used to associate human-readable online identity names with things such as, among others, GPG key fingerprints. See also [2] and my own identity shown at this page at [3]. It is cryptographically ensured that only the owner of a given name is able to change the name's associated value. [1] http://namecoin.info/ [2] https://nameid.org/ [3] https://nameid.org/?name=domob In other words, if someone stores their GPG key fingerprint with their online identity, then they can tell others just their name instead of the key fingerprint for a secure key exchange. I. e., "domob" instead of 0x04F7CF52 in my case -- which is much easier to remember for an acquaintance of yours. Namecoin identities are described a bit on [4], although the part about GPG fingerprints is unfortunately not yet added to this page (but there's a proposed spec for it already). [4] https://github.com/namecoin/wiki/wiki/Identity I've already implemented a similar key exchange system for Bitmessage addresses as well as a proof-of-concept fork of pidgin-otr that allows Namecoin to be used to verify OTR chat partners. I'm interested in doing the same for GPG and believe that Enigmail (and not the GPG core) would be the best place to add this feature. What do you think about this idea? Would you be open to accepting a patch that implements (fully optional, of course!) Namecoin-based GPG fingerprint verification? If yes, I would love to discuss how to integrate it best into the UI and work on it. I'm really looking forward to comments on this idea! Yours, Daniel -- http://www.domob.eu/ OpenPGP: 901C 5216 0537 1D2A F071 5A0E 4D94 6EED 04F7 CF52 Namecoin: id/domob -> https://nameid.org/?name=domob -- Done: Arc-Bar-Cav-Hea-Kni-Ran-Rog-Sam-Tou-Val-Wiz To go: Mon-Pri _______________________________________________ enigmail-users mailing list [email protected] https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
