[Freedombox-discuss] FreedomBox 'bump/hi-five' challenge
> > The updated status of 'we met, we have noted each other's
> > identity, we like each other' can be then transmitted [...]
>
> I think it is a mistake to mix "we like each other" into the identity
> verification process here.
>
> The crucial thing is to verify *identity*. If i meet someone who i
> don't like, as long as i'm sure of who they are, i should be able to use
> the same process.
I would go further. I wouldn't even tie the person to some kind
of global identity, government ID, or "verification".
In a decentralized network with cryptographic protection, each
person's key should represent themself -- not their name, not their
driver's license, not their address, not their passport. They can be
"Uncle Charlie" in one person's freedombox, and "Charles Knox, Esq."
in another's. In a third freedombox, the key could represent "Guy I
met at fish dinner with JoAnn, March 2011". Or "Chuck who I always
see in the library on Tuesdays".
The implication for FreedomBox design is that a user's key should be
transmitted WITHOUT further identifying information. Any identifiers
for a received key should be provided by the receiving party.
Not automatically tying a key to a self-claimed identity, nor a
government-issued identity, nor even a photo, will help freedom
fighters stay free when the government grabs somebody and tries to
find all their collaborators. And I think it simplifies the security
model, while still providing what our applications need, which is a
way to identify someone at a distance [over the network] as a
particular person who we have interacted with before.
Of course, people are free to snap a photo, with permission, when
exchanging keys; or to photograph the other person's business card
or vCard, or type in a full name. Or even a driver's license number.
But this shouldn't be required, and I don't even think it should be
the default.
This concept is only a few weeks old; I could've missed some big
reasons not to do it this way.
John
Reply to: