Display geographic or other identifying information for notaries

[daveschaefer]

Feature request via email: Can we display geographic information (or any other identifying information) to help distinguish notaries

Currently notaries do not present any distinguishing characteristics, so the user has no way to know which notaries to choose or why they might prefer one over the other. It would be useful to show information such as a rough geographic location (e.g. the Country).

This could be a value that the notary owner enters, though I imagine some hosted notaries might have a changing location, or not know their location.

Discussion thread on the mailing list: https://groups.google.com/forum/#!topic/perspectives-dev/szqkIJT3Ds0

[daveschaefer]

Eventually we may want to publish notary info as a signed XML file. Then it can contain many pieces of information such as geographic location, a contact email, and all of the existing info you need to add a notary to your client: public key and URL. This would also allow notaries to have multiple public keys, which would be useful for upgrading to a new key or changing the SSL certificate.

An xml file could also be helpful for adding notaries to your browser: instead of having to copy/paste the signature text you could click on a file, Perspectives would validate it, and add the notary to your list if the signature matched.

[ghost]

Here are some links for CC flag packs all of which use the ISO 3166-1 alpha-2 country codes: http://www.famfamfam.com/lab/icons/flags/ http://flag-sprites.com/ http://www.free-country-flags.com/ https://github.com/lafeber/world-flags-sprite/tree/master/images

Personally I like the famfamfam's best.

[ghost]

I think most notary operators will simply forget to fill in the country field, so we might need to rely on geo IP information. Btw: Is it possible for an attacker to distort the servers IP even though the certificate is correctly validated (to manipulate the servers actual location)?

[mwgamera]

Depends where the attacker is, but it's definitely not impossible because IP address is not authenticated in any way by Perspectives. You would only need to forge DNS reply to point to your own server with your chosen IP (easy for ISP or Wi-Fi owner unless something like DNSSEC is used and victim verifies it) and then just forward the connection to the real notary so that everything looks okay and certificate validates.