-
-
Save jamesmunns/a0bf462f9f3a86216e85ae3852c35fb3 to your computer and use it in GitHub Desktop.
| FRAUTH-CONTENTS | |
| name = "James Munns" | |
| note = "Hello, I'm James!" | |
| pubkey = "๐ฅ๐ฟ๐๐ซโ๏ธ๐ฝ๐๐ถ๐ฃ๐๐๐ซโ๏ธ๐๐ธ๐๐พ๐๐๐บ๐ฏ๐ป๐ฆ๐ธ๐๐๐ผโ๏ธ๐๐๐ฌโ๏ธ" | |
| [identities] | |
| email = "james.munns@ferrous-systems.com" | |
| github = "https://github.com/jamesmunns" | |
| twitter = "https://twitter.com/bitshiftmask" | |
| [[friends]] | |
| name = "Alice Shamir" | |
| uri = "https://example.com/.well-known/alice-shamir.frauth" | |
| pubkey = "โ๏ธ๐๐ค๐ผ๐๐ฌ๐๐๐๐จ๐๐ธ๐ฝ๐ฌ๐๐จ๐ฌ๐ฉ๐๐๐ป๐ทโณ๏ธ๐ฃ๐ข๐ซ๐ฐโ๏ธ๐๐ฃ๐โผ๏ธ" | |
| [[friends]] | |
| name = "Bob Diffie" | |
| uri = "https://beispiel.com/.well-known/bob-diffie.frauth" | |
| pubkey = "๐จ๐จ๐๐จ๐๐โก๏ธ๐ค๐๐๐๐๐๐ซ๐ท๐ธ๐ ๐ ๐๐ณ๐ฎ๐๐๐๐๐ฟโ๏ธ๐จ๐ช๐๐๐" | |
| FRAUTH-SIGNATURE | |
| ๐ตโณ๏ธ๐๐ข๐๐๐โฌ ๏ธ๐๐ฌ๐๐โฌ ๏ธ๐๐ซ๐ป๐ง๐๐๐ผโ๏ธ๐๐๐บ๐ชโ๏ธ๐๐ข๐ฐ๐ป๐๐ด๐๐๐ป๐บ๐ตโฌ๏ธ๐๐โฌ ๏ธ๐๐จ๐ธโ๏ธ๐๐ฆ๐๐ป๐๐๐ผ๐๐๐๐ ๐ป๐ณ๐๐๐๐๐๐ข | |
| FRAUTH-ENDOFFILE |
The idea is to build a "web of trust" from verified friends, and their verified friends. The tool should not report a binary trust, but instead display a weighted value based on their distance (so a direct trusted friend is 1.00, a friend of a friend would be less, and a friend of a friend of a friend would be even less).
The hope is to have a distributed and peer-to-peer solution for problems currently solved by gpg (and associated registries) as well as services such as keybase.
This tool does not aim to have configuration around encryption options, to reduce complexity. Currently ed25519/edDSA is used for all functionality. Future versions of the tool may include semantic versioning of files, allowing for a limited amount of backwards compatibility.
Long term goals
- A CLI tool will be able to spider the web of trust, to some configurable depth, caching the results locally.
- A CLI tool will be able to periodically update the cached results, notifying the user on changes, and removing verified contacts if details have changed.
- A CLI tool can notify when identity changes, or when new items can be imported to the web of trust
- A CLI tool can display an "address book" based on this web of trust
- A CLI tool will be able to encrypt a message to a given person using their verified (or web of trust known) public key by using their ed25519 public key for EdDSA asymmetric encryption. The recipient of this message can verify this message using the CLI tool.
- TODO: Verify if this is sound?
- TODO: Sign message with own private key inside or outside of encrypted message?
- A CLI tool will be able to sign a given message, using own private key. Recipients will be able to verify this message using the CLI tool.
- Very very long term: Ability to sign/verify git commits using frauth data?
Format is roughly:
<ed25519 signature of <TOML Content>>doesNOTconsider comments within the toml file,though they are allowed. The signature is essentiallysign(serialize(deserialize(<TOML Content>)))sign(<TOML Content>).Contents are not reordered on serialization/deserialization.EDIT: I will expect the tool to sign the raw TOML content, rather than putting it through a
serialize(deserialize())chain, based on suggestions from others.TOML Contents is roughly:
emailortwitterorgithubpubkeyat the root of the file located at the uri for this element