To clarify, I was thinking before (and even discussed in TextoPlano but it had no traction) on a public channel where you store messages that anyone can read, but only a person with the private key can decrypt.
I think the concept is cool, even if I’ve read the security advice from Signal, Session and other IM services, about things I was forgetting on security and strong encryption. Here: https://eprint.iacr.org/2016/1013.pdf
With that said, I don’t see how twtxt could be a good place for that kind of encrypted messages. Am I missing something?
@david@netbros.com You are correct. Think of this as a “filter” – But as I said in another Yarn, I can choose to use a separate feed for encrypted Twts.
@david@netbros.com I don’t want to discourage any idea, indeed I think it’s a good one. I’ve read the whole RFC 770, so I think I understand the result, but not the why. My concern comes from the overhead of having to:
- Manage a lot of keys (with the problems it creates of string private keys)
- Decrypt every message once it arrives
- Not having a way for the non-compatible browsers to hide this content.
@prologic@twtxt.net
“Same argument can be applied to Encrypted Email using GPG”, IMO a more accurate one would be encrypting IRC (although you can send messages in a group/channel or in private). Email is a thing with senders and receivers. Everything on twtxt is public by default, so adding a layer of private content on top of something public first, is weird in my mind… Having a different feed sounds good, like the ‘semi-public’ channel idea I told in my first message.
It seems I’m missing the conversation on IRC in #Yarn.social. I’m looking forward to seeing the result of the RFC. I can’t add anything else for now😄
@eaplmx@twtxt.net All good points especially on the “separate feed” 👌
@prologic@twtxt.net @eaplmx@twtxt.net I also like the idea about a separate feed for encrypted messages using the post-as feature maybe, so it’s easier for other clients to no see the noise of salty jibberish
Could we turn twtxt on it head, so these encrypted feeds are something that all participant are writing to, more like a IRC channel: 2021-01-31T09:59:00Z <darch> message ?
@darch@twtxt.net No, how would that work in a decentralized way? 🤔
@prologic@twtxt.net by everyone having write access to the feed using some API maybe.
@darch@twtxt.net You wold be changing the “model’ too much from a “pull” to “push”. The key concept that makes Yarn/Twtxt decentralised is one’s ability to self-host your feed, use a piece of software that understands the format and extensions, and interact with the network.