On 01/11/2013 11:42 PM, ianG wrote:
> 
> Question 1: would your application allow multiple keys per person?  And 
> if so, does this mean the app has to manage a petname across multiple 
> keys, or does the user have to manage multiple petnames across multiple 
> people?
> 

Multiple (Ed25519) keys would mean multiple identities. I suppose the
contact list manager could easily allow grouping multiple identities if
the user knows they're the same person, just like Pidgin does.

> Question 2:  what happens when a user's PGP key / persona (however it is 
> termed) is lost or compromised?
> 
> I'm tussling with these issues at the moment.

This is the standard key revocation problem. Most likely I'd generate a
revocation certificate and store it (encrypted) on friends' computers,
along with your own, just as is the recommended practice for PGP. The
hard part is the UI, which should probably work similarly to Facebook's
report flow, possibly even just automatically revoking a user's key if
enough friends report their key as compromised, using quorum encryption.

> 
>> When you start the application for the first time, it prompts you to
>> generate a public key or import one (it could be generated from a
>> password, but this has some problems associated with it). It lets you
>> put any metadata you want on the key, then connects to the network via
>> an included list of seed peers, or you could type them in yourself. The
>> application would then maintain a list of known reachable peers for
>> future connections.
> ...
> 
> To echo James' comments, if you want ordinary users, you shouldn't ever 
> expect them to use keys.  Most ordinary users will run screaming on 
> sight of a PGP key.

Absolutely. The word I'd use would be "identity" or "account," never
"key". Ordinary users would never even know cryptography was involved.
For all they knew, everything should be based on a central server.
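The quorum-revocation idea above (a revocation secret held in pieces by friends, recoverable only when enough of them act), as an added example that is not part of the original thread or any project mentioned in it: a k-of-n Shamir split in Python. The field prime, the 32-byte demo secret and the thresholds are assumptions chosen for the demo; a real revocation certificate longer than 32 bytes would be encrypted under a symmetric key and that key would be the shared secret.

```python
# Added example, not code from the thread: k-of-n Shamir secret sharing of a
# revocation secret. Any k friends' shares rebuild it; fewer reveal nothing.
import secrets

# Assumed field prime (the Ed25519 curve prime, used here only because it is a
# convenient large prime). The shared secret must be an integer below P.
P = 2**255 - 19

# Constructed 32-byte demo secret (first byte 0x63, so its integer value < P).
REVOCATION_CERT = b"constructed-demo-revocation-cert"


def _eval_poly(coeffs, x):
    """Evaluate the polynomial (coefficients low to high) at x mod P, Horner style."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret: bytes, k: int, n: int):
    """Split secret into n shares (x, y); any k of them reconstruct it."""
    s = int.from_bytes(secret, "big")
    assert s < P and 1 <= k <= n
    # Degree k-1 polynomial with the secret as constant term; other coefficients random.
    coeffs = [s] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares, length: int) -> bytes:
    """Lagrange interpolation at x = 0 over the given shares; returns `length` bytes."""
    x_s = [x for x, _ in shares]
    assert len(set(x_s)) == len(x_s), "duplicate share"
    acc = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, xj in enumerate(x_s):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        acc = (acc + yi * num * pow(den, -1, P)) % P
    return acc.to_bytes(length, "big")


if __name__ == "__main__":
    shares = split_secret(REVOCATION_CERT, k=3, n=5)  # 5 friends, any 3 suffice
    print(recover_secret([shares[0], shares[3], shares[4]], 32) == REVOCATION_CERT)
```

With fewer than k shares the interpolated value is a uniformly random field element, which is the property that lets a single friend's machine hold a share without being able to revoke the key alone.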


_______________________________________________
p2p-hackers mailing list
http://lists.zooko.com/mailman/listinfo/p2p-hackers