Comments (7)
I'm glad you brought this up. A feature similar to this is something that I've been considering, but I didn't want to put the cart before the horse. I was imagining implementing a system whereby users would automatically sign the public keys of other stations they trust, (chattervox addkey
would add the key, and sign it with your private key). I was imagining certain message payloads could then trigger automatic commands by the client application (similar to irc).
Something like /requestkey KC3LZO
typed in to chat would broadcast a message to all stations listening and if any of them had KC3LZO's key AND you trusted the station that claims it does, it would message it back to you. This would allow you to create a classic web of trust, where new keys for stations you haven't chatted with before could be trusted depending on how many other stations you trust also trust that station.
I'd actually like to add all of the current cli subcommands to the chat by simply prefixing any message with /
, for convenience (e.g. /genkey --make-signing
).
from chattervox.
Alrighty, I hear y'alls requests and have made a public key registry on GitHub at brannondorsey/chattervox-keys. Would love it if y'all would go through the motions of adding your keys and let me know what you think. Open to suggestions, but this was the quick solution, and I think I'm pleased with it. Let me know if y'all have any Qs.
from chattervox.
I like that idea, and not just as a short term solution. I still think some kind of key exchange mechanism built into the TypeScript client would be nice, but a shared registry actually serves a different and useful purpose. Like the MIT PGP key server.
Here are a few solutions I can think of off the top of my head. Suggestions welcome...
- A
chattervox-keys
GitHub repository. Each key could be stored in a flat file using the callsign as the filename.- Pros
- GitHub profiles can act as real-world identity proofs
- Free public hosting on the web
- GitHub API could be used to automatically fetch keys
- Changes to a callsign's keys can be limited to the original submitter only
- A human can vet the submitter's identity
- Anyone can propose a key addition using a PR
- Cons
- A central gatekeeper (repo owner or admins)
- Keys can't be added without a GitHub account
- Pros
- A public wiki site
- Pros
- Anyone can add keys without a gatekeeper
- Cons
- Unauthorized third parties can make changes to existing keys
- Pros
- Use IPFS (and IPNS) to host a centrally controlled list in a distributed manner. This solution is similar drawbacks to the GitHub repository solution with the added bonus of content distribution (no single point of failure).
- Create an Ethereum Dapp for storing keys
- Pros
- Totally distributed with no gatekeeper
- Smart contract could allow users to sign each other's keys
- It's what the cool kids would do
- Cons
- Transaction fees for each addition, change, or signature
- High barrier to entropy
- Lots of work and probably not worth it. Might be fun though.
- It's what the cool kids would do
- Pros
I'd lean towards the GitHub registry as it's easy and would be simple and effective but it's easy to trust myself, so I'd welcome criticism of that idea too. Whatever solution we choose (or is proposed down the line) should incorporate the ability for users to verify each other's identities by signing each other's keys. Another thought, although I'm not sure how it fits into all of this right now, is to somehow incorporate Keybase into the equation. Perhaps keys could be signed using keybase keys, amplifying the web of trust.
Also, don't mean to creep your bio but shout out RVA, that's my hometown 🙃
from chattervox.
Would some sort of simple and totally volunteer directory of users who would like to discover/chat with others could sign up for be a short term solution? Simple app, wiki page, etc?
from chattervox.
I prefer the simple and easy even if it leaves some trust up to owners. Someway of using keybase is interesting as heck too but flat files are flat files and I like the idea of adding your key via a PR. Lots of pro's and only a few downsides. I would be surprised if someone messing with this stuff wouldn't have a GH account but I guess the microsoft thing drove some off.
Also HI FROM RVA it's still pretty hot !
from chattervox.
+1 for starting simple with just a wiki page or github repo + PRs
I was seeing if there was some hacky way to add our own metadata to the FCC registry but I couldn't find one.
from chattervox.
This is more related to key verification than discovery, but operators could use LotW's RSA keypair to sign (and for others, to verify) their chattervox key to ensure legitimacy. AMPRNet uses those keys to restrict VPN access to licensed hams.
from chattervox.
Related Issues (20)
- Include a coarse timestamp to prevent replay of old messages HOT 3
- Unhandled promise rejection. Error: Unknown point format
- Multi-line messages cause UI glitches HOT 1
- Binary releases must live next to serialport.node
- Raspbian NPM issue. HOT 2
- Add send and receive subcommands HOT 1
- Add demo gif to README
- Need iOS & Mac apps please HOT 6
- RFC #1: Timestamp Field HOT 10
- RFC #2: Message Sequence Field
- Prerequisite Hardware Links broken HOT 1
- Encryption support for "Non US Users" HOT 2
- Uncaught TypeError: Invalid magic bytes in packet header. HOT 3
- Screenshot on readme
- Simple build in IRC daemon to use any IRC client? HOT 1
- Public key not found but is installed in keystore.json HOT 1
- feature request-js8 addon for live nets with many users that use the spectrum well like on ic705
- Issues building in 2024 (npm 20)
- Off-by-one in header structure description in readme HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from chattervox.