Re: [Social-discuss] What I think GNU Social's structure should be

[Carlo von Loesch]

Ted Smith typeth:
| > Not sure if you mean what I mean here, so I say what I mean. Groups
| > of people need a managing member that generates a symmetric encryption
| > key and sends it to each member, using each member's public keys just
| > once. Once a secret symmetric key is established, messages can be
| > distributed using regular multicast strategies as all members can
| > decrypt that. Only this spells true privacy within groups of people
| > and thus the social network. 
| 
| My vision is that every user will have an OpenPGP keypair tied to their
| GNU Social identity. This could be managed by the user or totally
| transparent to the user (managed only within the UI). A group would just
| be a set of key IDs to encrypt to.

Yes, a group is defined by just a set of pubkeys, but by negotiating a
shared secret you have overall less work on the sending side and you
get the huge advantage of being able to store the message anywhere,
distributing it more efficiently (multicast rather than round-robin
unicast) and it is always useful to every member of the group rather
than just one.

Also I like having some options concerning repudiability. By using
temporary keys we can have off-the-record-like configurations, not
always use the pgp signature which makes every little chat session
a bit like a legally binding contract.

-- 
___ psyc://psyced.org/~lynX ___ irc://psyced.org/welcome ___
___ xmpp:address@hidden ____ https://psyced.org/PSYC/ _____