
My thoughts are to get rid of the "network" effect.

I.e., have a DNS where anyone can register whatever they like. That way you can send a message direct to your friend's phone with no middleman.

My invariably naïve thoughts on the SuperSimpleSecretsServer:

- Alice generates 2 publicPrivate key pairs. 1 for the SSSS and 2 for their own use.

- Alice contacts SSSS with PublicKey1.

- SSSS responds with randomstring.

- Alice privatekey1 encrypts the random string and privateKey2 encrypts her IPv6 address and sends both to SSSS.

- SSSS authenticates and stores the encrypted-IPv6-blob against that publickey.

Bob does the same.

Alice and Bob exchange (PublicKey1 and PublicKey2) however they do. Alice and Bob can now query SSSS for the IPv6 of the respective key (aka the person they want to talk to) whenever they want.

But I honestly don't know much about crypto, security, scaling, routing, replication, who'd run it etc etc etc. I just plain don't know much....
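The registration handshake sketched in the comment above, as an added Go example that is not part of the thread. It assumes Ed25519 signatures stand in for "privatekey1 encrypts the random string", that the signature also covers the blob so it cannot be swapped in transit, and that the key-2 encrypted address is an opaque, constructed byte string; `Server`, `NewKeyPair`, `Challenge`, `SignReply`, `Register` and `Lookup` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Server is a hypothetical in-memory SSSS; both maps are keyed by the raw bytes of PublicKey1.
type Server struct{ pending, blobs map[string][]byte }

func NewServer() *Server { return &Server{map[string][]byte{}, map[string][]byte{}} }

// NewKeyPair makes key pair 1 (a nil reader selects crypto/rand).
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) { return ed25519.GenerateKey(nil) }

// Challenge: the server answers PublicKey1 with a fresh random string.
func (s *Server) Challenge(pub ed25519.PublicKey) []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil { panic(err) }
	s.pending[string(pub)] = nonce
	return nonce
}

// SignReply is Alice's side: sign challenge||blob with privateKey1 (assumed binding).
func SignReply(priv ed25519.PrivateKey, nonce, blob []byte) []byte {
	return ed25519.Sign(priv, append(append([]byte{}, nonce...), blob...))
}

// Register verifies the reply and stores the blob against the public key.
func (s *Server) Register(pub ed25519.PublicKey, sig, blob []byte) error {
	nonce, ok := s.pending[string(pub)]
	delete(s.pending, string(pub)) // one attempt per challenge, so a captured reply cannot be replayed
	if !ok || len(pub) != ed25519.PublicKeySize {
		return errors.New("no outstanding challenge for this key")
	}
	if !ed25519.Verify(pub, append(append([]byte{}, nonce...), blob...), sig) {
		return errors.New("signature does not match PublicKey1")
	}
	s.blobs[string(pub)] = blob
	return nil
}

// Lookup returns the stored opaque blob for a key, or nil if none is registered.
func (s *Server) Lookup(pub ed25519.PublicKey) []byte { return s.blobs[string(pub)] }

func main() {
	pub, priv, _ := NewKeyPair()
	s, blob := NewServer(), []byte("constructed ciphertext of Alice's IPv6 address")
	fmt.Println("register error:", s.Register(pub, SignReply(priv, s.Challenge(pub), blob), blob))
}
```

The server never needs key pair 2: it authenticates the writer with key 1 and stores whatever bytes it is given, so anyone who can query it still learns which public keys are registered and when their records change.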



Such a thing already exists: https://www.gnunet.org/en/gns.html


Well for this GNS...

1. the focus is still on human readable names and converting that to an IP.

2. the IP address seems plain text to anyone who requests it. Not a key encrypted blob.

So. Not really like what I was describing at all. Maybe it could be tweaked to behave like I wish and it could solve the other aspects of such a service already.


There are some video presentations on GNUnet, and the newest one, on the GNS subcomponent, mentions "Record confidentiality": values in the table are signed and encrypted by the zone owner. To query a zone you'd first have to get the key of the zone owner, accomplishing what you requested, right?

https://www.gnunet.org/en/video.html

The videos are kind of hard to watch, so maybe the slides are enough to understand how it's supposed to work:

https://git.gnunet.org/presentations.git/plain/icann66/20191...


:-) Thank you so much for that extra effort of providing information links to clearly explain concepts.

I am picturing the use case of such a service as different to how we use DNS today, but I think this would support it.



