-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi!
I don't know who of you have already heard about Namecoin [1] and namecoin identities [2]. In short, it is a system where you can register names (for instance like "id/domob" to get a nickname "domob"), and once registered, you own the names and no-one can take them away from you and only you are allowed to store values for them. The whole system is based on Bitcoin's technology and is completely decentralised. [1] https://dot-bit.org/ [2] https://dot-bit.org/Namespace:Identity This is in my opinion a very good way to exchange public keys. I can store my public keys in my namecoin identity, and if I meet someone I can just tell them that I'm "id/domob" (which is easy to remember) and she can later on read my public GPG or OTR key (fingerprint) from namecoin and be sure it is mine as long as she remembered my nickname. As long as I keep the private key used to proof ownership of my name safe, no-one can manipulate the public key fingerprints there. For Bitmessage [3] I already implemented a proof-of-concept patch [4], which integrates namecoin into the Bitmessage UI (just enter a human-readable name as recipient address and have it translated into the cryptic BM address stored with the matching namecoin identity). It seems this was quite well received and is already used by some. [3] https://bitmessage.org/ [4] https://bitmessage.org/forum/index.php/topic,2563.0.html Now I'm thinking about how this could be used to verify OTR keys. (In addition to the already existing options with shared secret / question-answer.) For the Pidgin pludin, my plan is to have a fourth option when verifying a key to check it with namecoin. If selected, the user would have to enter a namecoin identity name he knows is owned by his contact, and then it would be checked that the fingerprint is really stored in that name's record. What do you think about this idea in general? Also, if I wanted to implement this addition to the OTR plugin, how should that be done? I think it would be straight-forward to write it as patch to the plugin's code, but I'm not sure if that's the best way to do (because it only makes sense if you want to include it in the official OTR plugin at some point in the future and I'm not sure you would/should). Is it possible to write it as a separate Pidgin plugin, and have this plugin alter the UI of the OTR plugin as well as communicate with it (get the fingerprint to be verified and mark it as trusted)? Sorry if that's a dumb question, but I don't really know much about how pludins in Pidgin work (apart from some introductory tutorials which don't cover more advanced details) ... is it possible for plugins to interact with each other in this way, and can I "manipulate" the behaviour of the OTR plugin from another plugin in this way? If this would at least require some patches to the OTR plugin to allow it to work, do they have a chance of getting into the "official" code? Thanks for your input! Yours, Daniel - -- http://www.domob.eu/ OpenPGP: 901C 5216 0537 1D2A F071 5A0E 4D94 6EED 04F7 CF52 - -- Done: Arc-Bar-Cav-Hea-Kni-Ran-Rog-Sam-Tou-Val-Wiz To go: Mon-Pri -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQJ8BAEBCgBmBQJR8+9zXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ5MDFDNTIxNjA1MzcxRDJBRjA3MTVBMEU0 RDk0NkVFRDA0RjdDRjUyAAoJEE2Ubu0E989StjwP/34CDkG8m0fJrQCX5HJ1s1bF 00LbFjAWup7R90H3FE92SI6Oj4YsxSc2AafjHwuYSbmDrHhSr2Pfc3V93Ra2MuLn qwrGtmcTnD+XAR7SvOPhoCoTZVCzm8HasnmkvV0dLvYGbdJ4y524SZ+b/y96id/r xUc2dVWdYaXDOv56rMyELxVftiK/vaJhNLBbFi0gW9ykjKV/XyhU5Grn0VzGOVXb TJgWpxzdRbocMMAEu8JDVTf6I99s7p1cJQFQ72Kae9aMOhjm0GB9vBca15QvzA+H StscrevrMDfKdfj1/WaZ9bHaXK+y7LrDVUHndC9NDDbRtRwDtii5qIrd28N/asyG U4m6IpQyHscv5UApQ69DcKOkqZ8BOb5NEO4JZzVPJSTwm4o/atMqSn9zDhfLQW0O f0bZuWPK1QwqTZk4pZrz1/5sNPYw/FS2ZibIM2cDp3n4duUhQMj44DpBpTsO3OJb +ZLNdIx8QVVsvH5VNC3XVsWSWSedYHJTL/M3PMhyJVNeFAXcnf9SFx/OZa7wyWw7 4dc0cEzAFye845gCT40XKZFW6pqw4X3xDn7MWvGAPo3KuGqAJm0L8mYELfW1NnKZ pznWcSqSPcagF0MqB0W6BJzVvKx96YUFU3sNbOvt0kowLTakgywQmflmhGJB1mpb A91LQFO2NUcmyllnGeCO =WjkX -----END PGP SIGNATURE-----
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
