Request for App: Messaging app

[pstan26]

Create an app that utilizes the email address of the user and uses the public key of each users zone file to encrypt and confirm messages sent. (Transcribing from a one off convo with @jcnelson so hopefully everything is there to piece that together :-) )

[vsund]

I think this would be easier if you do this as integration (I think Matrix matches perfectly).

With Blockstack's capabilities Matrix could retrieve their handles and device keys from a given Blockstack ID and then do their chats as usual. With Blockstack's storage provider you could even store your own chat history in your profile.

[pstan26]

@vsund thats sounds neat. Do you know what the scope of building something basic is?

[vsund]

I talked with @ara4n some days ago and he said that they search a decentralized identity system but have a few requirements:

• registering should be free (should be possible after sub namespaces are implemented)
• verified emails (should be possible with 3rd party attestors or with some DKIM magic)
• no trust at the middle of the network (which Blockstack fulfils by design)

With these things done, one could start the integration. But all in all I think the guys at Matrix are interested in realising this too :)

[pstan26]

Yep, that's completely fair, would be interesting to realize. Would love to hear @jcnelson or @ara4n's thoughts are on this.

[ara4n]

So: on the Matrix side we're very much (still) looking for a decentralised identity system that could help users discover each other based on existing identifiers when starting a conversation. The requirements are:

• A way for users to reliably assert ownership of a given identifier (e.g. email address). This means not blindly trusting a centralised email verifying service, but instead using DKIM and/or some kind of identity key signing to let the mailserver or end-user prove ownership.
• Alternatively, if one uses centralised verifying services, you need a way to track the reputations of their identity claims. So for something unavoidably centralised such as MSISDN verification, you'd have a way to establish whether you trusted the reputation of the 2FA vendor(s) who made the claim.
• We don't want users to ever have to pay to use the system (especially with a cryptocurrency)

From speaking to @muneeb-ali at DWS last year, I got the impression that the identity verifying services are assumed to be trusted - and blockstack concerns itself with maintaining the ledger of the claims, rather than tracking the reliability of the verifiers. I also got the impression that whilst blockstack was currently subsidising the cost of adding records, this was a temporary bootstrapping measure in the grand scheme of things.

Matrix should be a good fit for a blockstack-powered messaging system, assuming that blockstack could solve the identity piece!

[jcnelson]

Hey @ara4n, good to hear from you!

Blockstack gives users the ability to associate arbitrary off-chain data with their on-chain name and public key. This could easily include both a DKIM signature as well as any additional 3rd party attestations. The integration software could be written to query these attestations as part of the authentication process.

I got the impression that the identity verifying services are assumed to be trusted - and blockstack concerns itself with maintaining the ledger of the claims, rather than tracking the reliability of the verifiers

This is true. The user (or application) decides which claims are meaningful. We believe that determining the trustworthiness of a particular verifier is beyond the scope of an identity system, since it's fundamentally a social problem.

I also got the impression that whilst blockstack was currently subsidising the cost of adding records, this was a temporary bootstrapping measure in the grand scheme of things.

Yes, this is the case. Even if names had no cost of their own and didn't expire (both of which are supported in Blockstack), someone would still need to pay the transaction fee. We rely on this to both reduce spam and to rate-limit writes to the system (i.e. a node's local state cannot grow or mutate faster than the underlying blockchain).

Matrix looks like a really cool system! I'd love to add support for it. We anticipate that many Blockstack applications will need a generic multicast notification mechanism (e.g. "You have mail", "a new forum post was added", "a new tweet arrive"), and we plan to add a driver model for using existing messaging systems to transport notifications. I was planning on using IRC at first, but if Matrix is more stable and more resilient to network partitions, we can go with Matrix instead :)

[ara4n]

Hopefully Matrix surpasses IRC in pretty much every way, being an open global decentralised network providing free-form JSON pubsub & persistence, signed into merkle dags, and end-to-end encryption via https://matrix.org/git/olm. Admittedly we're still late beta, but in practice there a few thousand servers out there, >1M users, >200K rooms, and generally things work pretty well. The biggest issue right now is that latency & throughput isn't quite as good as something simple like IRC, but we're getting there :)

Ignoring the question of tracking the reputation of centralised ID brokers (e.g. if a 2FA MSISDN vendor can be trusted or not), I'm unclear why nobody has set up email verification servers publishing proofs into blockstack based on DKIM or similar to try to prove the authenticity of emails claims. For that matter, I'm unclear as to why keybase doesn't do email proofs either.

Surely someone's doing this already? And if not, why not?

[muneeb-ali]

@ara4n Great to see this discussion!

A truly decentralized chat/messaging service is the dream.

I think that as a first step, just allowing human-readable names in a namespace tied to public-keys can be really helpful. Imagine signing into Matrix without passwords and with a username/identity that you own. (That's less load on your servers and no need to maintain user information.)

Identity proofs are the next step i.e., linking your Twitter, Github, domain etc. Email is more complex but we can brainstorm more about it.

We're planning to fork Discourse (which we use on http://forum.blockstack.org) and enable logging in with Blockstack.

Can we try to do something similar with Matrix? It'd be a great concrete thing to hack on. We have around 2,500 members on our Slack (http://chat.blockstack.org/) and we're open to transitioning to a decentralized chat that supports logging in with Blockstack.

[ghost]

There is as well a Tox project which aims at full decentralization of a messaging system. Convenient naming is based on in-house DNS. Seems like Blockstack is a perfect candidate for pairing with Tox Protocol. We should definitely get in touch with Tox community to discuss this possibility.

Though, I don't see a workaround for bootstrapping and running blockstack nodes on a mobile device in a decentralized environment (that is a necessary property for the messaging system in my opinion). edit: SNV could work. But information about light clients just disappeared from Blockstack resources.

[muneeb-ali]

@i1o thanks for reaching out! Tagging @pstan26 as well.