[messaging] Encrypted Pulic Contact Discovery
steve at actor.im
steve at actor.im
Wed Aug 19 11:01:41 PDT 2015
Hi, Matthew
It seems that we can reduce power of auth provider. As we always rely on SMS-gates for auth and they are already much more powerfull in this case. Plus gate can only add fake numbers. What's a problem with it?
For building secure we need more that only single auth provider. For securing some accounts people can use 2FA.
Steve.
19.08.2015, 19:53, "Matthew Hodgson" <matthew at matrix.org>:
> This is similar to the decentralised identity service ideas we've been experimenting with for Matrix. The problem we've hit (which I think this scheme suffers from too) is how you choose which auth providers to trust, otherwise you end up un-decentralising the system as the defacto auth provider ends up with way too much power. Do you consider this a problem?
>
> We've been looking at using something like the stellar consensus protocol to propagate trust/reputation between the auth providers - or limiting ourselves to email and piggybacking on top of DKIM like webfist/webfinger.
>
> p.s. does anyone know how dead/alive webfist is, and whether/why it failed?
>
> --
> Matthew Hodgson
> matrix.org
>
>> On 19 Aug 2015, at 17:26, steve at actor.im wrote:
>>
>> Hello everyone!
>>
>> Just finished small article about one idea of secure contact discovery: https://medium.com/@ex3ndr/encrypted-public-contact-discovery-95cfa0a0f6c7
>>
>> Steve.
>> _______________________________________________
>> Messaging mailing list
>> Messaging at moderncrypto.org
>> https://moderncrypto.org/mailman/listinfo/messaging
More information about the Messaging
mailing list