On Tue, Apr 04, 2006 at 03:05:16PM +0100, Michael Rogers wrote:
> >Well, should we be adding people from seeing their blogs? That is
> >precisely how LiveJournal works, but it is dangerous from a darknet
> >perspective...
>
> How do you build up trust in the real world? Reading someone's blog
> might give you some idea of whether they're trustworthy - chatrooms and
> message boards would be even better.

True enough. I'd hope for two way communication though; it shouldn't be
simply a means of reading their blog more easily, a la LiveJournal. :)

> Different users will have different
> security requirements - you don't have to add anyone on the basis of
> their blog, but I'm not sure it's a bad idea to offer the possibility as
> long as users are aware of the tradeoffs.
>
> >Yeah, we should allow introductions, but we should put some careful
> >warnings in...
>
> Definitely. Being able to visualise the web of trust ought to help.

Hmmm possibly. I had assumed introductions would be for people known
already which can be verified out of band...

>
> >Not a good idea IMHO. Allow users to introduce a specific friend to a
> >specific friend.
>
> I think it might be useful to have a middle ground between invisibility
> and explicit introductions. The default should be invisibility, but
> making two friends visible to one another would allow them to size one
> another up without making an immediate decision. Otherwise you just have
> a name and "er hi... Bob said I should talk to you".

Hrrrm. Perhaps.

>
> >No. We should not encourage people to expose their friends to their
> >friends, except by way of specific introductions.
>
> OK, it's up to you.

Dunno. For further thought I think.

>
> >I don't get it. Bob could have made up a new node with a new key. We
> >have to do some sort of out of band verification... if only by asking
> >people to confirm introductions out of band.
>
> Let's say Bob introduces you to someone called Carol. Then you discover
> that your friend Dave also has a friend called Carol, with exactly the
> same interests and blog postings as the Carol you know, but a different
> IP address and public key. Something's wrong - either Bob or Carol or
> Dave is lying. The node can detect this automatically, prevent you from
> talking to Carol until you've verified her key out of band, and then
> tell you which of Bob and Dave gave you the correct key. (Unfortunately
> this doesn't prove that the other is a spy because Carol could be giving
> out inconsistent information, but it certainly gives you grounds for
> suspicion.)

Hmmm... yeah, maybe.

>
> Cheers,
> Michael

--
Matthew J Toseland - toad at amphibian.dyndns.org
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
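
The conflict check described in the quoted Bob / Carol / Dave scenario, as an added example that is not part of the original thread and is not Freenet code. The names `IntroductionBook` and `profile_id`, and the rule that "the same person" means identical name and profile text after case and whitespace normalisation, are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

def profile_id(name, profile):
    """Same name and profile text (case/whitespace-insensitive) -> same ID."""
    text = " ".join(f"{name} {profile}".lower().split())
    return hashlib.sha256(text.encode()).hexdigest()


class IntroductionBook:
    def __init__(self):
        self.claims = defaultdict(dict)  # profile id -> {introducer: pubkey}
        self.verified = {}               # profile id -> key checked out of band

    def introduce(self, introducer, name, profile, pubkey):
        pid = profile_id(name, profile)
        self.claims[pid][introducer] = pubkey
        return pid

    def state(self, pid):
        if pid in self.verified:
            return "verified"
        # Friends vouching for different keys: at least one party is lying.
        keys = set(self.claims[pid].values())
        return "conflict" if len(keys) > 1 else "unconfirmed"

    def may_talk(self, pid):
        # Block on a detected conflict until the key is verified out of band.
        return self.state(pid) != "conflict"

    def verify_out_of_band(self, pid, true_key):
        # A mismatch is grounds for suspicion, not proof: the introduced
        # person may have handed different keys to different friends.
        self.verified[pid] = true_key
        right = sorted(i for i, k in self.claims[pid].items() if k == true_key)
        wrong = sorted(i for i, k in self.claims[pid].items() if k != true_key)
        return right, wrong


def demo():
    # Constructed sample data for the Bob / Carol / Dave case.
    book = IntroductionBook()
    blog = "Interests: gardening, cryptography.  Latest post: hello darknet"
    pid = book.introduce("Bob", "Carol", blog, b"KEY-A (constructed)")
    before = book.may_talk(pid)
    book.introduce("Dave", "carol", blog.replace("  ", " "), b"KEY-B (constructed)")
    blocked = not book.may_talk(pid)
    right, wrong = book.verify_out_of_band(pid, b"KEY-B (constructed)")
    return before, blocked, right, wrong, book.may_talk(pid)
```

A single unchallenged introduction stays "unconfirmed" rather than "verified", which reflects the point raised in the thread that an introducer could have made up a new node with a new key.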
