Are you trying to implement a P2P backend for a forum? <br><br>What is the reason for needing encryption & signing capability you described (including splitting/joining messages) in a forum app?<br><br>How would people interface with this forum? Through existing mail/news client or are you providing a web (or desktop) frontend? <br>
<br>Does your forum need to receive unsecured messages, and do your forum users have the ability to accept secured messages? <br><br>Cheers,<br>yc<br><br><div class="gmail_quote">On Sun, Dec 27, 2009 at 12:16 AM, Synx <span dir="ltr"><<a href="mailto:plt@synx.us.to">plt@synx.us.to</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="im"><br>
Andrew Reilly wrote:<br>
<br>
> Have you correlated your ideas against Google's "wave"?<br>
<br>
</div>***YES***<br>
<br>
...<br>
<br>
okay, not to be inflammatory or anything; I have looked into the various<br>
other ways people are working on it. The closest model to my idea is<br>
FMS+Freenet. You could, technically, implement everything I said with<br>
that. The trouble is it has so much other baggage. I just wanted to<br>
focus it down to a file format, and let the network design or methods of<br>
transport remain open to the different situations people have. Plus FMS<br>
doesn't let you post images, lol.<br>
<br>
Google Wave seems like it would be similar to what I'm talking about,<br>
but unless I miss my guess, that is more propaganda than actual truth.<br>
The fact is that Google Wave doesn't have secure signing, doesn't have<br>
private end-to-end encryption, and doesn't have a way to refer to other<br>
messages and attachments simply by their content hash key. As far as I<br>
can tell it's a glorified email program that relies on blind trust in<br>
the server authorities to allow you to have an identity at all. The<br>
ability to compose messages is somewhat enhanced due to a semi-smart XML<br>
format instead of (ugh) MIME, but the average user won't even so much as<br>
be asked if they want to sign their messages, much less be led through a<br>
sensible system that will ensure all breaches of privacy are their own<br>
damn fault and not just ignorance.<br>
<br>
Thanks for asking, truly, but Google Wave doesn't solve any of the<br>
problems I'm concerned with. They even specify the network protocol<br>
(XMPP) instead of making a solidly decoupled standard for accessing<br>
cataloging and verifying files. I hope that this forum can be<br>
transported over Google Wave one day. But it should also work over<br>
email, or by hand delivered letters. The only trick is the destination<br>
has to decode it in the same manner that the source encodes it, but in<br>
between it can pass through many channels, and many untrusted sources,<br>
and the absolute worst that could happen is simply failure of delivery.<br>
<br>
Given the Gnutella network and a PGP program I could manually implement<br>
this forum I'm thinking of. It is quite do-able by hand, but I feel that<br>
the process of splitting up messages into pieces and generating the tree<br>
of signing and encryption necessary to protect the original message, is<br>
an ideal task for computers to perform. So I wanted to make a system<br>
that is well defined, in terms a computer can understand, to allow us to<br>
make use of such practices as secure signing, maximum piece size limits,<br>
hash verification, and encryption, with nothing more complicated than<br>
the push of a button.<br>
<div><div></div><div class="h5">_________________________________________________<br>
For list-related administrative tasks:<br>
<a href="http://list.cs.brown.edu/mailman/listinfo/plt-scheme" target="_blank">http://list.cs.brown.edu/mailman/listinfo/plt-scheme</a><br>
</div></div></blockquote></div><br>