
[Freedombox-discuss] Bootstrapping a Freedombox contact list



Tim Retout <diocles at debian.org> writes:

> I've been thinking about the problems involved in the initial setup of a
> Freedombox, particularly the challenge of finding your friends'
> Freedombox addresses.  Has anyone else been through this already?  I
> couldn't see anything which really spelled this out on the wiki.

Tim, thanks for writing this all out, I'll try to read through it in the
next few days.  After Plinth v0.3.1 is released, I'll work on making
these changes in FreedomBuddy.  Please let me know what you think of
this.

My goal is to make it trivial to exchange service addresses and PGP keys
in person (and remotely, but keys must still be verified in person).
When the user chooses "introduce me" in the FreedomBuddy UI, the following
is written to an archive on a USB stick (or any local removable device):

- My public PGP key.

- The "introductory package" of services that I share with everybody
  (FreedomBuddy, possibly other common services, like a wiki).

The archive is signed by the enclosed public key.  The archive (unlike
normal FreedomBuddy messages) is not encrypted, because the users don't
know whose key to encrypt to, yet.  Both users will then exchange their
USB sticks and read in one another's archives.  If the archive has a
valid signature, the services are imported.

At this point, each user will have the other's public key and service
locations and can communicate and update locations normally.  Since the
USB stick contains unencrypted data, it should then be wiped (shred?) by
the receiving user, even though shred is of limited use on flash memory.

If users have already exchanged keys, the messages can be encrypted for
remote transmission (email, etc.).

Also, I'd really like to point out [0, 1] to folks.  They could be
mighty useful going forward.

Thanks for your time,
Nick

0: https://whispersystems.org/blog/simplifying-otr-deniability/

1: https://tools.ietf.org/html/draft-brown-pgp-pfs-03
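
The import check described in the message above, as an added example that is not FreedomBuddy code or part of the original post. It assumes Ed25519 from the Go standard library as a stand-in for the PGP key and a SHA-256 hash as a stand-in for the PGP fingerprint; `IntroPackage`, `NewKey`, `Introduce` and `Import` are hypothetical names, and the service address is constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// IntroPackage is a hypothetical layout for the unencrypted archive.
// Assumption: an Ed25519 key stands in for the PGP public key.
type IntroPackage struct {
	PublicKey []byte
	Services  map[string]string
	Signature []byte
}

// NewKey generates a signing key (nil selects crypto/rand).
func NewKey() ed25519.PrivateKey {
	_, priv, _ := ed25519.GenerateKey(nil)
	return priv
}

// signedBytes is the byte string the signature covers (JSON sorts map keys).
func signedBytes(p IntroPackage) []byte {
	b, _ := json.Marshal([]interface{}{p.PublicKey, p.Services})
	return b
}

// Introduce builds the package that is written to the USB stick.
func Introduce(priv ed25519.PrivateKey, services map[string]string) IntroPackage {
	p := IntroPackage{PublicKey: priv.Public().(ed25519.PublicKey), Services: services}
	p.Signature = ed25519.Sign(priv, signedBytes(p))
	return p
}

// Import checks the signature made by the enclosed key and returns the key
// fingerprint, which the two users still have to compare in person.
func Import(p IntroPackage) (string, error) {
	if len(p.PublicKey) != ed25519.PublicKeySize || !ed25519.Verify(p.PublicKey, signedBytes(p), p.Signature) {
		return "", errors.New("bad key or signature: services not imported")
	}
	sum := sha256.Sum256(p.PublicKey)
	return hex.EncodeToString(sum[:]), nil
}

func main() {
	fmt.Println(Import(Introduce(NewKey(), map[string]string{"freedombuddy": "https://example.invalid/"})))
}
```

A package re-signed with a different key also verifies, but yields a different fingerprint, which is why the signature check alone does not replace comparing keys in person.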