[plt-scheme] Forum

From: Synx (plt at synx.us.to)
Date: Mon Dec 28 21:44:16 EST 2009

YC wrote:
> Are you trying to implement a P2P backend for a forum? 

No, I'm trying to separate that backend from the forum itself. My point
is that any number of backends could work for it.

> What is the reason for needing encryption & signing capability you
> described (including splitting/joining messages) in a forum app?

As the saying goes, you cannot outsource encryption. It's important
people sign their own messages, because that ensures nobody has any
opportunity to impersonate them (i.e. to inject spam). It's important
people decrypt their own messages, because that ensures that nobody but
them can read their private correspondence. If you don't feel privacy is
important, I suggest reading the book "The Right to Privacy" by Ellen
Alderman and Caroline Kennedy (ISBN 0-679-41986-1). I just looked at it,
and it gives a very clear picture of the privacy issues that we need to
protect, including a part on purely informational privacy such as what
this forum would deal with.

> How would people interface with this forum?  Through existing mail/news
> client or are you providing a web (or desktop) frontend? 

Some kind of frontend. Existing mail/news clients have certain
assumptions like NNTP, MIME, etc, that at least I myself find rather
difficult to work around. It might be possible, but I think making a
frontend would be easier and less error prone.

> Does your forum need to receive unsecured messages, and do your forum
> users have the ability to accept secured messages?

Near as I can figure, everything needs to be signed at the root, and
signed documents can link to other files that are unsigned, but more
common would be to link to the signature of the file, than linking to
the file itself.

Requiring signatures is important, because it motivates people to use
signatures, and also without signatures, there's really no way to
control who sends you what. So maybe you could receive unsecured
messages on a temporary basis, but there would be no need to since
everyone signs their messages anyway. Similarly someone writing unsigned
messages may successfully deliver them, but more likely they should
expect to just be ignored until they spend 10 seconds making a key to
sign things with. Making signatures optional is exactly the mistake PGP
made, which allows it to be marginalized.

Posted on the users mailing list.