[messaging] Encrypted Pulic Contact Discovery

steve at actor.im steve at actor.im
Wed Aug 19 11:01:41 PDT 2015

Hi, Matthew

It seems that we can reduce power of auth provider. As we always rely on SMS-gates for auth and they are already much more powerfull in this case. Plus gate can only add fake numbers. What's a problem with it?

For building secure we need more that only single auth provider. For securing some accounts people can use 2FA.


19.08.2015, 19:53, "Matthew Hodgson" <matthew at matrix.org>:
> This is similar to the decentralised identity service ideas we've been experimenting with for Matrix. The problem we've hit (which I think this scheme suffers from too) is how you choose which auth providers to trust, otherwise you end up un-decentralising the system as the defacto auth provider ends up with way too much power. Do you consider this a problem?
> We've been looking at using something like the stellar consensus protocol to propagate trust/reputation between the auth providers - or limiting ourselves to email and piggybacking on top of DKIM like webfist/webfinger.
> p.s. does anyone know how dead/alive webfist is, and whether/why it failed?
> --
> Matthew Hodgson
> matrix.org
>>  On 19 Aug 2015, at 17:26, steve at actor.im wrote:
>>  Hello everyone!
>>  Just finished small article about one idea of secure contact discovery: https://medium.com/@ex3ndr/encrypted-public-contact-discovery-95cfa0a0f6c7
>>  Steve.
>>  _______________________________________________
>>  Messaging mailing list
>>  Messaging at moderncrypto.org
>>  https://moderncrypto.org/mailman/listinfo/messaging

More information about the Messaging mailing list