a sketch:
POST /new
_algorithm: HMAC;
_pubkey=…;
_entityID={new};
attribute=value;
attribute=value;
attribute=value;
_signature: ...

insert generates:
* agentID
* entityID (if {new})
* transactionID
* add or nullify (boolean)

records are of the form
{ agentID, entityID, transactionID, attribute, value, [ add | null ] }

where transactionID is some object that can be sorted by time at the desired scope, local, global, or high speed distributed. (e.g. integer, UTC, vector clock )

POST /{entityid}
_algorithm: HMAC;
_pubkey=…;
attribute=value;
attribute=value;
_signature: …

Only accept post if pubkey matches previous agentID.

I guess.
I HAVE NO IDEA WHAT I'M DOING.

Show thread

so basically, imagine some kind of social networking site, but in order to sign up you must provide your public key.

how many non nerd people have I turned away with that one requirement?

what if i include friendly instructions for how to safely generate and store a keypair. does that help?

what if i generate the keypair FOR you.

fine, that’s insecure, and dodge.

what would i need to put in place to prevent abuse? invite only? human vetted registrations?

Show thread

@zens I keep wondering why Google added Filesystem, Battery, Sensor etc. API to browser but nothing to do public key cryptography that would work with normies (e.g. keys generated for you by the browser). I have been waiting for this for decades now... that would solve many problems like this.

@brombek in fact, google + mozilla did get something like that into browsers. but it’s not keypairs it’s smart cards/smartkeys - like yubikey

@zens I am not a normie and I don't have one. This is probably to only helping corpos.

@brombek there is alao this thing mattrubin.me/authenticator/
which is… not terribly complicated but i haven’t seen any user tests on it. it’s one of a whole class of apps that basically do the job of the smart card/ yubikey thing

Follow

@zens That is cool. My point is that it needs to be built-in the browsers by default and set up by default on first run without even users knowing and not requiring any extra hardware. Otherwise you have already failed for normies.

Sign in to participate in the conversation
Mastodon 🔐 privacytools.io

Fast, secure and up-to-date instance. PrivacyTools provides knowledge and tools to protect your privacy against global mass surveillance.

Website: privacytools.io
Matrix Chat: chat.privacytools.io
Support us on OpenCollective, many contributions are tax deductible!