In case you didn’t notice, I deleted my Twitter and Keybase accounts. Going full indieweb.
↳
In-reply-to
»
For instance I normally use the same RSA key/pair on all my workstations for my
⤋ Read More
ssh client, because that's me, no-matter where I am. The only exception to this rule is I usually create a separate key for any "work" / " company" I am a part of.
@prologic@twtxt.net I have seen single use keys that are signed by a central PKI .. Keybase has one that uses a chatbot to generate the keys on the fly.
It just comes down to your threat model :)
↳
In-reply-to
»
For instance I normally use the same RSA key/pair on all my workstations for my
⤋ Read More
ssh client, because that's me, no-matter where I am. The only exception to this rule is I usually create a separate key for any "work" / " company" I am a part of.
@prologic@twtxt.net I have seen single use keys that are signed by a central PKI .. Keybase has one that uses a chatbot to generate the keys on the fly.
It just comes down to your threat model :)
↳
In-reply-to
»
@prologic Re: Chat system, What if the base specification included a system for per-user arbitrary JSON storage on the server? Kind of like XEP-0049, but expanded upon. Two kinds of objects: public and private. Public objects can be queried by anyone, private objects cannot and must be encrypted with the user's private key. Public keys could be stored there, as well as anything else defined by extensions. Roster, user block list, avatar, etc.
⤋ Read More
↳
In-reply-to
»
@prologic Re: Chat system, What if the base specification included a system for per-user arbitrary JSON storage on the server? Kind of like XEP-0049, but expanded upon. Two kinds of objects: public and private. Public objects can be queried by anyone, private objects cannot and must be encrypted with the user's private key. Public keys could be stored there, as well as anything else defined by extensions. Roster, user block list, avatar, etc.
⤋ Read More
↳
In-reply-to
»
@prologic Re: Chat system, What if the base specification included a system for per-user arbitrary JSON storage on the server? Kind of like XEP-0049, but expanded upon. Two kinds of objects: public and private. Public objects can be queried by anyone, private objects cannot and must be encrypted with the user's private key. Public keys could be stored there, as well as anything else defined by extensions. Roster, user block list, avatar, etc.
⤋ Read More
I would HIGHLY recommend reading up on the keybase architecture. They designed device key system for real time chat that is e2e secure. https://book.keybase.io/security
A property of ec keys is deriving new keys that can be determined to be “on curve.” bitcoin has some BIPs that derive single use keys for every transaction connected to a wallet. And be derived as either public or private chains. https://qvault.io/security/bip-32-watch-only-wallets/
↳
In-reply-to
»
@prologic Re: Chat system, What if the base specification included a system for per-user arbitrary JSON storage on the server? Kind of like XEP-0049, but expanded upon. Two kinds of objects: public and private. Public objects can be queried by anyone, private objects cannot and must be encrypted with the user's private key. Public keys could be stored there, as well as anything else defined by extensions. Roster, user block list, avatar, etc.
⤋ Read More
I would HIGHLY recommend reading up on the keybase architecture. They designed device key system for real time chat that is e2e secure. https://book.keybase.io/security
A property of ec keys is deriving new keys that can be determined to be “on curve.” bitcoin has some BIPs that derive single use keys for every transaction connected to a wallet. And be derived as either public or private chains. https://qvault.io/security/bip-32-watch-only-wallets/
↳
In-reply-to
»
Anyone here good with Go and feel like helping me build our a "Direct Messages" feature? I was going to pay someone on Upwork to do this, but I've received very few applicants (just one!) and they aren't that good (stock standard crappy Bootstrap experience and no evidence of any experience with Go).
⤋ Read More
Can we not have clients sign their own public keys before listing them on their Pod’s account?
Yeah.. we probably could. when they setup an account they create a master key that signs any subsequent keys. or chain of signatures like keybase does.
↳
In-reply-to
»
Anyone here good with Go and feel like helping me build our a "Direct Messages" feature? I was going to pay someone on Upwork to do this, but I've received very few applicants (just one!) and they aren't that good (stock standard crappy Bootstrap experience and no evidence of any experience with Go).
⤋ Read More
Can we not have clients sign their own public keys before listing them on their Pod’s account?
Yeah.. we probably could. when they setup an account they create a master key that signs any subsequent keys. or chain of signatures like keybase does.
@prologic@twtxt.net this is a go version of Keyoxide.org that runs all server side. which is based on work from https://metacode.biz/openpgp/
OpenPGP has a part of the self signature reserved for notatinal data. which is basically a bunch of key/values.
this site tries to emulate the identity proofs of keybase but in a more decentralized/federation way.
my next steps are to have this project host WKD keys which is kinda like a self hosting of your pgp key that are also discoverable with http requests.
then to add a new notation for following other keys. where you can do a kind of web of trust.
@prologic@twtxt.net this is a go version of Keyoxide.org that runs all server side. which is based on work from https://metacode.biz/openpgp/
OpenPGP has a part of the self signature reserved for notatinal data. which is basically a bunch of key/values.
this site tries to emulate the identity proofs of keybase but in a more decentralized/federation way.
my next steps are to have this project host WKD keys which is kinda like a self hosting of your pgp key that are also discoverable with http requests.
then to add a new notation for following other keys. where you can do a kind of web of trust.
@lucidiot@tilde.town @kas@enotty.dk There’s also Keybase as good GPG tool. They offer a lot of encrypted services as well :)
Keybase and Stellar’s SpaceDrop unfortunately was naive in thinking greedy clever hackers wouldn’t find ways to scam the give-away for more Lumens and ruin it for everyone else.
@kas@enotty.dk Thanks for the suggestion using Keybase. Playing around with the authenticity idea.
Signing my twtxt with my johanbove@keybase.io account from today onwards
@kas@enotty.dk But then we wouldn’t be a decentralized network anymore. Or do i misunderstand the nature of keybase?
@kas@enotty.dk But then we wouldn’t be a decentralized network anymore. Or do i misunderstand the nature of keybase?
just learned about keybase chat
@abliss@abliss.keybase.pub I’m still just appending to my twtxt, my client signs it afterwards and uploads the signed version.
@abliss@abliss.keybase.pub I’m still just appending to my twtxt, my client signs it afterwards and uploads the signed version.
@kas@enotty.dk, @kdave@kdave.github.io I don’t get it. How do i generate keys for #saltpack? Do i need #keybase to use it?
@kas@enotty.dk, @kdave@kdave.github.io I don’t get it. How do i generate keys for #saltpack? Do i need #keybase to use it?
Verifying myself: I am aquilax on Keybase.io. mTOp9JxvHDJzg3O4TLHpcHK4LeCmAWKECuzS / https://t.co/jazcllWDTs