[Freedombox-discuss] Software as Data, Transformation as a Service
On 8 January 2013 14:43, Nick M. Daly <nick.m.daly at gmail.com> wrote:
> Spinning up a way-overdue discussion again. Sorry for the gravedigging,
> but this is good stuff.
> Melvin Carvalho writes:
> > On 1 November 2012 18:44, Nick M. Daly <nick.m.daly at gmail.com> wrote:
> >> Melvin Carvalho <melvincarvalho at gmail.com> writes:
> >>> I think in the case of freedombox it would be desireable to have
> >>> not only a web identity but to tie it to GPG, which is something
> >>> I've already done some work on.
> >> Would you mind describing that a bit? FBuddy  is designed to make
> >> (PGP-) signed/encrypted location statements available, over any service
> >> you're using.
> > Currently looking at 3 areas.
> > 1. Converting GPG keys with X.509 using bouncy castle (have some rough
> > code working)
> Have you made any progress on this? How does this tie in with
> Monkeysphere? I thought they were working on something similar, but
> maybe I misunderstood.
Hi Nick, thanks for bumping this thread.
It's surprisingly tricky to go from binary formats of GPG and X.509, but
I've had some help from Daniel an others. Usual problem is lack of
resources to write tooling.
Some template code is here.
> > 3. Crypto in the browser, for use to encrypt/decrypt maybe sign etc (saw
> > impressive demo from Mozilla last week)
> Can you link to that demo?
There's a big group working on this including mozilla and google
Best person to talk to is probably David Dahl, Mozilla Corporation <
ddahl at mozilla.com>
I can follow up if we have some specific questions.
> > The general idea is to translate some of the features of GPG to the web
> > stack so it an be used for similar purposes in a web context
> > I took a quick look at giorious but if it wasnt that easy to work out all
> > the details in theory it would be nice to use the same master key in
> > different contexts, and provide methods to revoke etc.
> Yes, ultimately I think we all have the goal of using the same PGP
> master key in more areas than it's being used now, however, I'm worried
> that this sort of thing could easily lead to metaphor shear between
> projects: where your PGP key means something significantly different
> between services. Those sorts of changes are going to happen between
> services, but as long as we end up agreeing that a key is used to
> identify a service provided by an identity, then I doubt it'll be a big
Very valid point. Bringing some of the goodness of GPG to the web, I think
is a win win, and not terribly hard to achieve.
-------------- next part --------------
An HTML attachment was scrubbed...