Re: [Social-discuss] What I think GNU Social's structure should be

[Ted Smith]

On Mon, 2010-03-29 at 06:25 +0200, Carlo von Loesch wrote:
> | If we are caching our data on other nodes, we want to make sure that
> our
> | data is safe. I think the best way to do this is to create "groups"
> of
> | other users, and encrypt content we only want them to see to their
> GNU
> | Social public keys. For instance, let's say we want a status update
> to
> | only be visible to a certain group. That status update will be
> | transmitted as ciphertext and decrypted in the UI of the group
> members
> | who view it. That ciphertext can be cached anywhere without a loss
> of
> | privacy.
> 
> Not sure if you mean what I mean here, so I say what I mean. Groups
> of people need a managing member that generates a symmetric encryption
> key and sends it to each member, using each member's public keys just
> once. Once a secret symmetric key is established, messages can be
> distributed using regular multicast strategies as all members can
> decrypt that. Only this spells true privacy within groups of people
> and thus the social network. 

My vision is that every user will have an OpenPGP keypair tied to their
GNU Social identity. This could be managed by the user or totally
transparent to the user (managed only within the UI). A group would just
be a set of key IDs to encrypt to.

signature.asc
Description: This is a digitally signed message part