John Meacham and I (Seth LaForge) came up with more or less the same very simple changes to Dan's Proposal. Here they are.
The key and the subcategory are separated by a slash rather than a dot. Subcomponents of the key are separated by dots rather than dashes. The key is optional: if it is left out, the location begins with a slash and the category is public (unencrypted). Thus the full location format becomes:
| key | / | subcategory | @ | domain |
|---|---|---|---|---|
| ofb.admin | / | haqrz.evil | @ | ofb.net |
If the subcategory is omitted, the slash may be omitted as well. If the key is omitted, the slash may not be omitted.
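The rules above, as an added worked example that is not code from Gale or from this proposal: a small parser for the `[key][/subcategory]@domain` syntax that enforces the slash rules, flags the "no such key" and "too many slashes" cases from the table below, and rejects slashes inside the subcategory (the restriction suggested in the cons list further down). The key ring is constructed for the demo and stands in for the private keys a user actually holds; `Location`, `parse_location` and `rejection` are names chosen here, not Gale's.

```python
# Added example, not Gale's own code: parser for the proposed location syntax
# "[key][/subcategory]@domain".  KEYRING is a constructed stand-in for the
# private keys the sending user holds; a key that is not in it fails the way
# a send with no matching private key would ("no such key").
from dataclasses import dataclass
from typing import FrozenSet, Optional


class LocationError(ValueError):
    """Raised for a location that does not fit the proposed syntax."""


@dataclass(frozen=True)
class Location:
    key: Optional[str]          # None means a public (unencrypted) category
    subcategory: Optional[str]  # None when the location names the key itself
    domain: str

    @property
    def encrypted(self) -> bool:
        return self.key is not None

    def __str__(self) -> str:
        # Re-emit the canonical form: the slash is present whenever the key
        # is omitted or a subcategory is given, and absent otherwise.
        local = self.key or ""
        if self.subcategory is not None or self.key is None:
            local += "/" + (self.subcategory or "")
        return f"{local}@{self.domain}"


def _check_dotted(name: str, what: str) -> None:
    """Components are dot-separated; slash is reserved for the key/subcategory split."""
    if "/" in name:
        raise LocationError(f"slash not allowed inside {what}: {name!r}")
    if not name or not all(name.split(".")):
        raise LocationError(f"empty component in {what}: {name!r}")


# Constructed key ring (assumption): private keys this user holds, as key@domain.
KEYRING: FrozenSet[str] = frozenset({
    "ofb.admin@ofb.net",
    "egnor@ugcs.caltech.edu",
    "group@slackers.net",
    "sekrit@ofb.net",
    "sethml.friends@ofb.net",
    "sethml.friends.lovers@ofb.net",
})


def parse_location(text: str, keyring: FrozenSet[str] = frozenset()) -> Location:
    """Parse one gsend location; when a keyring is given, the key must be in it."""
    local, sep, domain = text.partition("@")
    if not sep or "@" in domain:
        raise LocationError(f"expected exactly one '@': {text!r}")
    _check_dotted(domain, "domain")

    if local.count("/") > 1:
        raise LocationError(f"too many slashes: {text!r}")
    key, sep, sub = local.partition("/")
    # Leading slash: key omitted, so the category is public.  No slash at all:
    # the whole local part is the key (the slash may only go when the
    # subcategory does).
    key = key or None
    sub = sub if sep else None
    if key is None and not sub:
        raise LocationError(f"neither key nor subcategory given: {text!r}")

    if key is not None:
        _check_dotted(key, "key")
        if keyring and f"{key}@{domain}" not in keyring:
            raise LocationError(f"no such key: {key}@{domain}")
    if sub is not None:
        _check_dotted(sub, "subcategory")
    return Location(key, sub, domain)


def rejection(text: str, keyring: FrozenSet[str] = KEYRING) -> Optional[str]:
    """Return the error message for a bad location, or None when it parses."""
    try:
        parse_location(text, keyring)
    except LocationError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    for example in ("/pub.comp.linux@ofb.net", "pub.comp.linux@ofb.net",
                    "/pub/comp/linux@ofb.net", "egnor/mail@ugcs.caltech.edu",
                    "sethml.friends.lovers/invitation@ofb.net"):
        err = rejection(example)
        print(f"{example:45} {'ERROR: ' + err if err else 'OK'}")
```

Note that a dash is just an ordinary character to this parser, so `seth-laforge@hoser.com` is a key in its own right, which is exactly the ambiguity the dot-separated scheme removes.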
| Old Syntax | Dan's New Syntax | My New Syntax |
|---|---|---|
| gsend -c pub/comp/linux | gsend pub.comp.linux@ofb.net | gsend /pub.comp.linux@ofb.net (GOOD); gsend pub.comp.linux@ofb.net (ERROR: no such key); gsend /pub/comp/linux@ofb.net (ERROR: too many slashes?) |
| gsend -c local/seattle/weather | gsend local.weather@seattle.wa.us | gsend /local.weather@seattle.wa.us |
| gsend tlau@cs.washington.edu | gsend tlau@cs.washington.edu | gsend tlau@cs.washington.edu |
| gsend -c group/ofb/haqrz egnor | gsend ofb.haqrz@ofb.net egnor@ofb.net | gsend /ofb.haqrz@ofb.net egnor@ofb.net |
| gsend -C @ugcs.caltech.edu/user/egnor/mail egnor | gsend egnor.mail@ugcs.caltech.edu | gsend egnor/mail@ugcs.caltech.edu |
| gsend -C group/slackers.net/admin group@slackers.net | gsend group.admin@slackers.net | gsend group/admin@slackers.net |
| gsend -C group/sekrit/foobar sekrit@ofb.net | gsend sekrit.foobar@ofb.net | gsend sekrit/foobar@ofb.net |
| gsend -C group/sethml/friends/invitation sethml-friends@ofb.net | gsend sethml-friends.invitation@ofb.net | gsend sethml.friends/invitation@ofb.net |
| gsend -C group/sethml/friends/lovers/invitation sethml-friends-lovers@ofb.net | gsend sethml-friends-lovers.invitation@ofb.net | gsend sethml.friends.lovers/invitation@ofb.net |
I think people will want to frequently create new keys for groups of friends - things like sethml.friends@ofb.net and sethml.friends.lovers@ofb.net above. Further, I think that I should be able to hand out the sethml.friends private key to my friends without allowing them to create subkeys signed with it. Thus I propose that each user-visible key be broken into two keys each with private and public keys: the "common" key for signing and decrypting puffs, and the "authority" key for signing subkeys. I would hand out the private key for the common key (auugh) to my friends, but keep the authority key to myself.
I'm not sure how to present these two keys to the user. Perhaps authority keys simply live under a separate hierarchy:
| Common Key | Authority Key | Both Signed by |
|---|---|---|
| sethml.friends.lovers@ofb.net | authority.sethml.friends.lovers@ofb.net | authority.sethml.friends@ofb.net |
| sethml.friends@ofb.net | authority.sethml.friends@ofb.net | authority.sethml@ofb.net |
| sethml@ofb.net | authority.sethml@ofb.net | ofb.net |
| ofb.net | | net |
| net | | ROOT |
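The common/authority split and the signing hierarchy in the table above, as an added worked example (not Gale's code and not part of this proposal): it derives the signer of any key from its name and then answers the question the proposal is really about, namely whether someone holding a given set of private keys is able to create a subkey. Assumptions, mine rather than the page's: authority keys carry the `authority.` prefix, domain keys (ofb.net, net) have no separate authority key, and the top of the hierarchy is spelled `ROOT`.

```python
# Added example, not Gale's own code: the common/authority key hierarchy as
# pure string operations on key addresses.  Assumptions: authority keys use the
# "authority." prefix, domain keys have no separate authority key, and the
# hierarchy terminates at ROOT.
from typing import List, Optional, Set

AUTHORITY_PREFIX = "authority."
ROOT = "ROOT"


def is_authority(address: str) -> bool:
    return "@" in address and address.startswith(AUTHORITY_PREFIX)


def common_key(address: str) -> str:
    """authority.x@d -> x@d; any other address is returned unchanged."""
    return address[len(AUTHORITY_PREFIX):] if is_authority(address) else address


def authority_key(address: str) -> Optional[str]:
    """Authority key paired with a user key; None for domain keys and ROOT."""
    if "@" not in address:
        return None
    return AUTHORITY_PREFIX + common_key(address)


def parent_key(address: str) -> Optional[str]:
    """One level up: drop the last dotted key component, then walk the domain labels."""
    if address == ROOT:
        return None
    if "@" in address:
        local, domain = common_key(address).split("@", 1)
        head, _, _ = local.rpartition(".")
        return f"{head}@{domain}" if head else domain
    _, _, rest = address.partition(".")
    return rest or ROOT


def signer_of(address: str) -> Optional[str]:
    """Key that must sign this one: the parent's authority key for user keys,
    otherwise the parent domain key.  Common and authority keys share a signer."""
    parent = parent_key(address)
    if parent is None:
        return None
    return authority_key(parent) or parent


def signing_chain(address: str) -> List[str]:
    """Signers from the key's direct signer up to ROOT."""
    chain: List[str] = []
    cur = signer_of(address)
    while cur is not None:
        chain.append(cur)
        cur = signer_of(cur)
    return chain


def can_sign(held_private_keys: Set[str], new_key: str) -> bool:
    """Can someone holding these private keys create (sign) new_key?"""
    return signer_of(new_key) in held_private_keys


if __name__ == "__main__":
    print(signing_chain("sethml.friends.lovers@ofb.net"))
    # A friend holding only the common key cannot mint subkeys; the owner can.
    friend = {"sethml.friends@ofb.net"}
    owner = friend | {"authority.sethml.friends@ofb.net"}
    print(can_sign(friend, "sethml.friends.lovers@ofb.net"),
          can_sign(owner, "sethml.friends.lovers@ofb.net"))
```

The point of `can_sign` is that handing out the private half of `sethml.friends@ofb.net` lets friends read and sign puffs but never puts the signer of `sethml.friends.lovers@ofb.net` (or of its authority key) in their hands; only `authority.sethml.friends@ofb.net` does that.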
Open issue: What happens when I do give away my authority key to somebody, and she makes her own version of sethml.friends@ofb.net? It could seriously mess up AKD.
| Pros of slash separating key from subcategory |
|---|
| Makes it very clear to users which categories are public and which are encrypted. |
| Makes it very clear to users which part of the category is the key and which is just subcategory. I suspect that without this, it will take new users quite a while to fully grok that just the first element of the category is the key, and many never will. |
| Less collision between public categories and usernames. Of course, group categories can still suffer collisions. |
| Separating subkeys with a dash makes for problems with usernames which contain a dash (a reasonably common occurrence). Is seth-laforge@hoser.com a subkey of seth@hoser.com, or a key of its own? |

| Cons of slash separating key from subcategory |
|---|
| More syntax for users to learn. I'd argue that it is syntax revealing a new concept, though, so it is worthwhile. |
| It will be easy for users to forget the leading slash on public discussion. However, usually the send will fail in this case because there is no corresponding private key, and they'll learn through negative reinforcement. |
| Misleads people (especially existing galies) into using slashes rather than dots in the subcategory part. I'd suggest that for this reason slashes in the subcategory should be illegal. |
| One more reserved character in cats: one cannot put dates in categories. Oh well. |
As for the common/authority key part, I defer discussion until I and others have put more thought in.
Author: sethml-gale@ofb.net