-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 19.02.14 08:27, Daniel Kraft wrote: > Hi all! > > As I understand it, the key ingredient into a secure encrypted > messaging system is a trusted exchange of public keys. GPG and > Enigmail solve this at the moment using a WoT with key signatures > and manual fingerprint exchange and comparison. > > I really believe that Namecoin [1] has the potential to improve > this. If you have not yet heard about it, Namecoin is a system > based on Bitcoins consensus technology that allows a secure, > trusted and fully decentralised key-value storage. In particular, > it can be used to associate human-readable online identity names > with things such as, among others, GPG key fingerprints. See also > [2] and my own identity shown at this page at [3]. It is > cryptographically ensured that only the owner of a given name is > able to change the name's associated value. > > [1] http://namecoin.info/ [2] https://nameid.org/ [3] > https://nameid.org/?name=domob > > In other words, if someone stores their GPG key fingerprint with > their online identity, then they can tell others just their name > instead of the key fingerprint for a secure key exchange. I. e., > "domob" instead of 0x04F7CF52 in my case -- which is much easier to > remember for an acquaintance of yours. > > Namecoin identities are described a bit on [4], although the part > about GPG fingerprints is unfortunately not yet added to this page > (but there's a proposed spec for it already). > > [4] https://github.com/namecoin/wiki/wiki/Identity > > I've already implemented a similar key exchange system for > Bitmessage addresses as well as a proof-of-concept fork of > pidgin-otr that allows Namecoin to be used to verify OTR chat > partners. I'm interested in doing the same for GPG and believe > that Enigmail (and not the GPG core) would be the best place to add > this feature. > > What do you think about this idea? Would you be open to accepting > a patch that implements (fully optional, of course!) Namecoin-based > GPG fingerprint verification? If yes, I would love to discuss how > to integrate it best into the UI and work on it.
I think this is a good idea. But Enigmail is "only" a fronted to GnuPG, it has no logic for storing or verifying keys or similar operations. I think that this is something that should be implemented by GnuPG, not Enigmail. - -Patrick -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEVAwUBUwURlsk25cDiHiw+AQiIzAgAt5mrYbXgndG95Fygd08ykFLiusBVsdMo Lfjd+Bx0iV8AF4kl7s6KIsf1ERD4BwtobohZzGT60anEKHx38AIUXlxzPd8U9p/u 5BtlcK4ySaRrU39Fk5C7xKFwCkPNLc6NIV343uSsriAwovHoxOTYxOKyvfxPr0wY B+ac/DNjMuCu4ZIUC2gvW58aJfaU9GERRLRkFkWhg2ktAQoEWN2jOYc19YDwlYHG p5eMghQnDBBfipbLMw5D0MG0hfhZnBj2OXEuErqI/Q1ogX3iGs+G6A3mdJSQZMZp TYr19ts424bHXDYoo1ABcLP7stY285BbFaQHrZ5e+XJudC/F/ay0kg== =zAwQ -----END PGP SIGNATURE----- _______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net