Comment by 🐵 cquenelle

=> Re: "I was thinking about ways to sign a gemtext message with a..." | In: u/cquenelle

If I trust the BBS web site then the site can display a verified user supplied public key associated with a user on the site. So the site can make the claim that login=fred is the same as key=ABCXYZ. If other sites that I trust also have a login that seems to talk like Fred with the same verified public key, then I know it’s the same person. If another site spoofs Fred’s key and uses it without his authorizing it, it doesn’t make his key useless, it just spoils my trust in that site.

=> 🐵 cquenelle [OP]

2023-10-13 · 1 year ago

3 Later Comments ↓

=> 🐵 cquenelle [OP] · 2023-10-13 at 04:29:

Step 1) A user friendly, transportable public key. Step 2) Social sites let me voluntarily validate the key using the site and the site announces it on my profile page. Step 3) clients add features that can copy/paste the keys into a client-local address book. Step 4) user friendly transportable identity, the low tech way!

=> ☕️ Morgan · 2023-10-13 at 06:19:

That was pretty much the idea, yes. Rather than share the public key I proposed hashing again then sharing only part, that makes it really only useful for matching identities.

You still have the problem that users could post e.g. to Bubble claiming particular hash. You have to have a "known trusted place" e.g. user profile where the server shares it correctly, and teach people to trust only that.

I think the key advantage to the accepted "link both from somewhere you control" method is that posting hashes does not favour personal capsule owners, instead it relies on trustworthy shared/social capsules.

Thanks.

=> 🐵 cquenelle [OP] · 2023-10-13 at 13:46:

I guess I see the problem in two parts. 1) who is this person claiming to be? 2) Do I trust the claim?

For step one we need a global unique name (that’s provable). For step two it will always be a grey area depending on what sites you personally trust. Different people will trust different sites.

Original Post

=> 🐵 cquenelle

I was thinking about ways to sign a gemtext message with a key and I remember a post a while back talking about posting keys. But my gemsearch king-fu is weak. Can anyone help me? I remember they had the idea of a pictograph for a public key. Maybe I’d want another pictograph for the digest signature? (I know my terminology is wrong there.)

=> 💬 9 comments · 2023-10-07 · 1 year ago

Proxy Information
Original URL
gemini://bbs.geminispace.org/u/cquenelle/6174
Status Code
Success (20)
Meta
text/gemini; charset=utf-8
Capsule Response Time
80.864238 milliseconds
Gemini-to-HTML Time
2.612498 milliseconds

This content has been proxied by September (ba2dc).