log☇︎
600+ entries in 0.055s
artifexd: I guess I like the default sign because I see myself as Panopticon. I don't talk much. But I watch and listen. Default-sign helps me.
artifexd: it allows third parties to construct undeniable chatlogs << while true, I don't see the issue with it
artifexd: No. It is continuity. I assign weight to what they say by my judgement. They assign continuity to what they say by signing it.
artifexd: It doesn't give weight to unknowns. It gives continuity do unknowns should they desire it.
artifexd: Uh... no.
artifexd: Other than some extra bytes, how is it clunk? How does it harm or hinder?
artifexd: nor I
artifexd: !s gossipd
artifexd: The torrents that I have run get 15-20 connections
artifexd: ok
artifexd: What is "preet"?
artifexd: asciilifeform: That is my desire as well
artifexd: I think you're accused of being other people more often than you are impersonated.
artifexd: Not I
artifexd: I start up my little process, it makes a connection to one or eight other people and it just works through the magic of maths.
artifexd: I had imagined #b-a but where everyone is ident'd all the time. No impersonating anyone else is remotely possible.
artifexd: I had imagined few connections, more routing.
artifexd: I wasn't imagining so many direct connections.
artifexd: Sign whatever you want. As long as the timestamp is recent.
artifexd: Sure. I have no issue with that.
artifexd: asciilifeform: You have to have some way of receiving return messages, right?
artifexd: I add the ip address to the key so when I start up, I have a place (or places) to look for you.
artifexd: Sure. Then the handshake doesn't go both ways, but the information shared is the same. I know you have the key you say you have. You know I have the key I say I have.
artifexd: As a currently running gossipd, if I get a connection request with "I'm bob. Here's proof", then I accept the connection and add that ip address to my list for that key. (For later connecting to him)
artifexd: cool. Keep the connection. If not, dump it.
artifexd: I would think that instead of a list of ip addresses you would have a list of pubkeys and each pubkey has one (or more) ip addresses assigned to it. When you start up gossipd, it calls out to all the ip addresses in the lists and says "I'm bob, proven by this signature. Prove you are alice, with cryptoproof". If the answering box responds appropriately, ☟︎
artifexd: 1?
artifexd: 10? 60? 2000?
artifexd: How many connections to other servers do you imagine that you will have? You as in you mircea_popescu.
artifexd: Hmmm.... this is not the project that I thought it was.
artifexd: Your argument is that you WANT deniability?
artifexd: dubious? huh? how? the maths are the maths.
artifexd: The system would, without your interference, label the things I say and the things your artifex say as said by seperate entities.
artifexd: But *you* have to make the choice to be confusing.
artifexd: Sure. If you have two keys in your wot and you want to give them both the same name. Knock yourself out.
artifexd: Nothing I, as artifexd with my key, say will ever show up as said by the same entity as whatever you say with your artifex key.
artifexd: What does that have to do with anything>?
artifexd: I have a fingerprint. Or a public key. I give that fingerprint or key a name. Anything not that key or fingerprint won't match to the name.
artifexd: Huh? Of course it would.
artifexd: That's why the fingerprint and the alias, right? Let the computer notice that the numbers don't match the the numbers that I identify as mircea.
artifexd: He can only impersonate me to people who don't have an absolutely direct connection to me.
artifexd: Preventing some douche from Bumfuck, Idaho from impersonating your hard built identity "isn't particularly good"?
artifexd: No?
artifexd: Fuck. What are we discussing.... Oh yeah. Why automatically adding any type of verification to a message is bad.
artifexd: Yeah.
artifexd: You have to beg for a chance to demonstrate the ability to be interesting before you get a chance to get judged.
artifexd: shit"?
artifexd: After the thing is up and running for 6 months. How does some insightful dude off the street get in? Look for a public (and thus completely untrusted) access ircd that will let him connect and hope to build an identity to the point that you say "hey insightful_dude_from_the_street", what's your ip address? I'll let you connect to me because you say useful
artifexd: Is that the start?
artifexd: Do we get in here, ident, and pass around ip addresses?
artifexd: How do you imagine bootstrapping this thing?
artifexd: Could be him. Could not. Who knows.
artifexd: The key in the wot has no relation AT ALL to the message I just received with a fingerprint.
artifexd: Take away the ability to build an identity and what's left?
artifexd: As you have preached in the past, the identity built over time, secured by wot, has value.
artifexd: signed messages allow someone to build an identity
artifexd: I mean as in trust the message
artifexd: Trust in this case means that, as asciilifeform said, bob(today) is bob(next month)
artifexd: Trust doesn't mean that I take bob's word as gospel.
artifexd: Part of the trust is that you can handle a key.
artifexd: I would have to have a direct connection to bob in order to believe anything with his fingerprint.
artifexd: I would appreciate signed messages so that I could have some moderate assurance that bob is actually bob and not some asshole evil server.
artifexd: Simple: I would sign all my messages so that if you told me that I said something that wasn't signed, I could legitimately call bullshit.
artifexd: Why would I sign messages? Why would I appreciate messages that I receive to be signed?
artifexd: Actually, as fast as I type single second resolution timestamps would be enough.
artifexd: millisecond timestamps and a counter would do that too.
artifexd: Other than the argument that a signed "no" could be used for something malicious. Uh... It just means that you said no. It doesn't imply what you said no in response to. Just that you said no.
artifexd: I still haven't processed the wot part of the spec. I'm still trying to understand why you wouldn't sign the messages. It seems to be asking for evil actors.
artifexd: So what is the value of this vice a private stock ircd with a gribble?
artifexd: Exactly
artifexd: Wanna be somebody else, grab a new key.
artifexd: Signing messages would provide that same assurance. But automatically.
artifexd: When you and I have a conversation on here (and gribble is around, and you ident to a key), then later you and I have another conversation (and, again, gribble is around and you ident to the same key), then I can trust that I am talking to the same person I was before.
artifexd: It would be a timestamped "No".
artifexd: If by "sign" you mean "have some effing clue who just said that"
artifexd: Kinda
artifexd: Everyone is already identified by crypto. Why not ensure that messages that say they are from a keyset actually came from the keyset?
artifexd: Because we are building a new system from the ground up.
artifexd: That seems... less than ideal.
artifexd: What stops server A from inventing messages by B?
artifexd: And D is full of shit.
artifexd: Maybe A is trustworthy but got the message from D.
artifexd: When a message A for B C comes over the wire, how can I trust that B actually said C?
artifexd: There is not. I took that as an oversight.
artifexd: For deniability?
artifexd: You specifically don't want messages signed?
artifexd: Wait. Wut?
artifexd: Ok. The layers are forming in my head.
artifexd: I refreshed the post page. :)
artifexd: It did.
artifexd: Which I can only assume means it ate my comment.
artifexd: Piss... trilema is 502ing again
artifexd: Side question: How do you quote a previous comment on trilema?
artifexd: The storage requirements for a usenet server are stupid high.
artifexd: usenet is pretty damn fast.
artifexd: asciilifeform: What you want sounds very similar to bitmessage, no?
artifexd: Sure it would. If you have a connection to another server, it will send you all the messages it gets. Although I imagine some manner of "screw you, you're too slow" code will be needed eventually.
artifexd: Why? If you're connected when a message comes across the wire, you get it. If not, you don't. Much like irc now.
artifexd: If a bundle is sent every second.
artifexd: An hour? Shit. I was thinking 5 seconds.