#social 2019-02-18

2019-02-18 UTC
#
cwebber2 finished writing up the documentation for the Spritely Golem demo: https://gitlab.com/spritely/golem/blob/master/README.org
#
cwebber2 would love to hear feedback... especially if you try running the demo :)
#
cwebber2 fr33domlover: oh awesome
Guest84 and xmpp-social joined the channel
#
fr33domlover cwebber2, great documentation!!
rZr joined the channel
#
cwebber2 thanks fr33domlover :)
#
jdormit[m] cwebber2 (IRC): Great writeup. Haven't gotten a chance to run the demo yet but I'm impressed with the work you've done so far. I'd like to learn more about the symmetric encryption part of the demo - do both Alice and Bob use the same key? How would you encrypt a message such that only one other actor could read it?
#
jdormit[m] I guess in general what should I be googling to learn more about that type of encryption?
#
cwebber2 jdormit[m]: the asymmetric encryption part comes in for the channel through which the magnet/magenc id is delivered
#
cwebber2 so there's a secure channel between the two parties
#
cwebber2 anyone can deliver the encrypted blob around but if the symmetric key wasn't *delievered* to your actor as part of the magenc uri then they don't know what to do with it
#
cwebber2 I hope that makes sense!
#
cwebber2 the Magenc writeup also explains more
#
cwebber2 I recommend reading that as well.
#
cwebber2 gotta go, will be back around later!
#
cwebber2 glad you liked the writeup jdormit[m] :)
#
jdormit[m] so when Alice sent Bob her message, she also included the key? And since she didn't send it to anyone else, even though the content is publically accessible via the magenc uri only Bob and alice have the key to decrypt it
#
jdormit[m] So is Alice trusting Bob to not just send the key along to someone else?
#
jdormit[m] see you around :)
#
nightpool[m] but because it's a symmetric key, there's no risk in bob sending it to someone else, right?
#
nightpool[m] they only have bob's word that it's alice's key
#
nightpool[m] i guess it depends on the properties of the exchange channel
#
nightpool[m] that's used to bootstrap the magnetenc link
#
jdormit[m] what's to stop Bob from saying, "here's the URI of the private message Alice sent me and here's the key she sent with it"? Couldn't anyone then use that key to decrypt the message?
#
nightpool[m] sure, but he could also take a screenshot
#
jdormit[m] yeah fair enough
#
jdormit[m] I guess all encryption is predicated on trusting the recipient party
#
nightpool[m] i mean not really
#
nightpool[m] that's why we have deniability
#
nightpool[m] screenshots aren't authenticatable
#
nightpool[m] public key encryption, for example, is completely authenticatable
#
nightpool[m] you have mathematically unarguable proof living around forever that you said something
#
jdormit[m] whereas because symmetric keys aren't inherently tied to an identity, they are deniable?
#
nightpool[m] i don't think it's true to say they're deniable in and of themselves
#
nightpool[m] it depends on the channel they were exchanged over
#
nightpool[m] but they don't make the situation any worse, so they provide the ability to build deniable solutions "beneath" them
#
nightpool[m] i mean, there's nothing that prevents asymmetric encryption from being used in this way either
#
nightpool[m] you just lose the benefit of being able to have a "public" key in the same sense, so there's a lot less reason to use it
#
jdormit[m] right, that makes sense. i.e. the whole point of asymmetric encryption is having a public key that anyone has access to that is tied to your identity
#
jdormit[m] cwebber's magenc writeup made it a lot clearer
#
jdormit[m] https://github.com/WebOfTrustInfo/rwot7-toronto/blob/master/topics-and-advance-readings/magenc.md
#
jdormit[m] would recommend
rZr and cwebber2 joined the channel
#
dansup Hello, started a new side project, self hosted status page with AP support to follow service updates!
#
nightpool[m] saw that!
#
jdormit[m] dansup: a status page for PixelFed?
#
dansup jdormit[m]: its not just for pixelfed, anything really :)
#
dansup just recorded a screencast, one sec
#
dansup jdormit[m]: you are in it from that irc notification lol, https://mastodon.social/@dansup/101615045850065670
#
dansup i didnt want to re-record it
#
jdormit[m] Haha I am famous now!
#
jdormit[m] Don't have a chance to watch now but will make time tonight or tomorrow
vitalyster left the channel
#
dansup jdormit[m]: heh yeah its pretty simple atm, need to finish the InboxWorker and Fanout jobs (it only accepts Follow and Undo.Follow) https://github.com/dansup/state