[Commotion-dev] a related crypto mesh effort: Neruda
Hans-Christoph Steiner
hans at guardianproject.info
Thu Apr 12 00:44:37 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 04/11/2012 05:28 PM, Michael Rogers wrote:
> On 06/04/12 15:39, Hans-Christoph Steiner wrote:
>> Here's the proposal for an "open yet hardened overlay network"
>> with similar goals to Commotion from the FreedomBox people. I
>> like their idea for using the host key fingerprint as a normal
>> IPv6 address, since they can be the same length. This allows
>> for multiple crypto algorithms to be used, and might allow for
>> more transparent operation.
>
> It might be worth looking at the Host Identity Protocol, which
> does something similar:
>
> http://tools.ietf.org/html/rfc4423
> http://tools.ietf.org/html/rfc5201
>
> Isaac Wilder <isaac at freenetworkmovement.org> wrote:
>>> In particular, Neruda would be a distributed hash table whose
>>> search keys would be long-form GPG Key IDs, and whose values
>>> would be the IPv6 address currently associated with the key in
>>> question. (Search key and crypto key are therefore identical).
>
> There's a privacy issue here that bothers me. Any participant in
> the DHT can potentially track the IP addresses stored under a given
> GPG key over time, thus tracking the location of the key's owner,
> and can potentially see which IP addresses perform lookups for
> which GPG keys, thus discovering social relationships.
>
> (Sorry for sending two criticising emails in one day!)
Good to hear your opinion! I for one don't have much info on this
proposal, so the more info the better, in my opinion.
.hc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBCAAGBQJPhiVtAAoJEJ8P5Yc3S76BKfUP/jtV8iBddx0/cyPmN8kWYnaB
EN7e2du+NXfVPIeR7TC+bTnpvur3DB6VvFdoUr4cb1LoiWY39Eyj4djMt21YMDZy
FNV/Y/eOqQxxlTNsXWc58mDXJDA9bX/K1yluctp3FfGVl1bFxYgBZ52QOafivm0G
Tpjz9tk9yEE8Y/VZNoapbmj0QYYvM2m04TGVBbjXPXPu9mGyvYcDG1Ym+OFdFECg
wSpmPnNABnaC/ZennH/rIffNREzTqwXtZDLN9pO1xpJJ/TL6Z9WHMMONk3YmivnM
s61vji0atF767teGzU5ofAetooriObdtcOgaKVKro/IrJpNwiTg8yJ8Y4mWc4b+J
Zl1J8KIDgUXqaCnCQVisNZJldCDk+7TFYxgiecSDx8Qkn34jWdLDvpqWkeWcduLw
70aVKCGLTEpY3L/T8wzlKz3y6s2L5J040FzXpL2xUFca+02DpOTyirrV6HSFcsko
UjIQfwvHATpxWvkPzvtC/JqcPl4vA3wVbrw8BYdua2s9u2eOoDNiE5aMv3Htno6D
RMdzP2zFC+p3PLpL0cqwlW5dlBOipo8Ba8aik8CCujzniUQChE+AdSh/s3Ap8n6Z
++UX1dIph9InSk2izkaP4gAXZn0umAT0hR6vnwu02Xen4m7B0UniHzQbe0g/58TC
NGeyIKigQtO3rFMeR4EF
=eH1d
-----END PGP SIGNATURE-----
More information about the Commotion-dev
mailing list