search

alnf / toxcore

The future of online communications.
https://tox.im
GNU General Public License v3.0
7 stars 0 forks source link

wishlist: authenticate friends #8

Closed aaannndddyyy closed 9 years ago

aaannndddyyy commented 9 years ago

In smaller groupchats it might be desireable to really know who you are talking with. So there shouldbe an option to authenticate the group memebers as being the same ones you have on your friends list, if they agree, leveraging the pm feature.

aaannndddyyy commented 9 years ago

I am aware that a user could simply ask another user in pm to be sent his tox id. but there is no signing involved, so no security. If you receive an authentication request, and you decide to authenticate to that user (you disclose your real id then), you'd have to send him your real pk which you signed with your real sk. Of course, in an automated way.

alnf commented 9 years ago

Probably should be merged with #6, cause the functionality is almost the same.

aaannndddyyy commented 9 years ago

Almost same but not identical. Could be merged anyway, I just don't know how to merge. This ticket here is about the case when you already have a peer in your friendlist. Due to the anon nature of groupchats you do not know if it is really him/her when you see him/her in a groupchat. Generally, it is good to have the possibility to remain unrecognized. but sometimes you want to know if Pete is really Pete. This is not a very fundamental issue, more a convenience one, because if you have Pete in your friends list, you could always send him a message to his real id and ask whether he is or is not in the given groupchat with that nick. But having to do that is clumsy.

Maybe you should have the option to join a chat either with a new 'anon' or using real pk just like now. I don't know if that would be a lot of work, then it should not be done. but if it is just handing over a different argument to some functions, then this could be a good thing. Then ideally, when you enter a gc, you could choose whether you join it anon, or with your real id. Then your client would automatically display the same nick as on your friends list (either the one sent by that peer or the local alias you set for him), with the client displaying known peers in a different color than unknown ones.

aaannndddyyy commented 9 years ago

So there should be both options: 1) to join a groupchat non-anonymously using your real key. Then all your friends in that group immediately see who you are. 2) to join anonymously but reveal your id to selected peers.

For 2 we'd use #6. With the change that no adding to friend list takes place.

alnf commented 9 years ago

@JFreegman I think this is a client level feature, cause we are not going to use real tox id within groupchat. So, if someone wants to identify their friends, he can tag them inside peer list in his client.

JFreegman commented 9 years ago

Just ask them for their public key in a private message. If you want to verify just talk to them over friend messages. I want to keep friend/group inter-functionality to an absolute minimum. Clients can do whatever they want.