decent-chat / decent

Open source messaging platform for the modern web
https://meta.decent.chat
GNU General Public License v3.0

Message signing slash encryption #266

Open MegaApuTurkUltra opened 6 years ago

MegaApuTurkUltra commented 6 years ago

pls and thanks

PullJosh commented 6 years ago

You'll have to excuse my naivety, but how does that sort of thing work? :3

bates64 commented 6 years ago

@PullJosh magic. :sparkles:

joker314 commented 6 years ago

So would users upload keys to the client in the user settings section, and then it just signs the message? We should add some kind of "Verified" symbol then, next to the message, to show it was signed -- like GitHub.

How, though, do we exchange public keys -- and make sure they are associated with particular user accounts?

MegaApuTurkUltra commented 6 years ago

^ this is a problem not even Matrix has solved yet. For now, we could give users a dialog with key fingerprints and ask them to click verify or blacklist, kind of like Matrix. Later on, we could support a web of trust where admins can sign other people's keys and then those people can sign other keys, etc., kind of like GPG.

joker314 commented 6 years ago

Sounds good! I assume we store keys in localStorage (that way no server can get their evil hands on them) [as well as the verified/blacklisted data, it can't be stored on the server because then they could verify an evil signature]

I'm quite interested in implementing this, but I'd be really bad at it because I'm not familiar with the codebase. @towerofnix is assigned, so I'm happy to leave it to them to implement (if they want to).

bates64 commented 6 years ago

@joker314 wait for preact (#259) to be done before trying to implement this; it's pointless otherwise - plus the rewritten client/decent.js is a lot simpler.

We may want to consider adding ?string message.signature to the 1.0.0-preview spec, or adding it in a minor release 1.1.0.
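
The fingerprint verify/blacklist flow discussed in this thread, sketched as an added example that is not part of the thread or of decent's code base. It runs under Node.js with Ed25519; the function names, status strings and signed payload layout are assumptions, and a Map stands in for localStorage.

```javascript
// Added example (Node.js), not decent's code. All names here are hypothetical.
const { generateKeyPairSync, createPublicKey, createHash, sign, verify } = require('node:crypto');

// Fingerprint for the verify/blacklist dialog: SHA-256 of the DER public key.
function fingerprint(publicKeyPem) {
  const der = createPublicKey(publicKeyPem).export({ type: 'spki', format: 'der' });
  return createHash('sha256').update(der).digest('hex');
}

// Signed bytes cover author and text (assumed layout), so a signature cannot
// be replayed under another username.
const payload = (author, text) => Buffer.from(JSON.stringify([author, text]), 'utf8');
function signMessage(privateKey, author, text) {
  const signature = sign(null, payload(author, text), privateKey).toString('base64');
  return { author, text, signature };
}

// Trust decisions stay on the client. A browser would persist them in
// localStorage; a Map stands in so the example runs offline.
function recordDecision(store, author, publicKeyPem, status) {
  store.set(author, { fingerprint: fingerprint(publicKeyPem), status });
}

// Pick the badge for a message, given the key the server claims is the author's.
function classifyMessage(store, message, claimedKeyPem) {
  if (!message.signature) return 'unsigned';
  let ok = false;
  try {
    const sig = Buffer.from(message.signature, 'base64');
    ok = verify(null, payload(message.author, message.text), claimedKeyPem, sig);
  } catch { ok = false; } // malformed key or signature
  if (!ok) return 'invalid';
  const decision = store.get(message.author);
  if (!decision) return 'unknown-key'; // show the fingerprint and ask the user
  if (decision.fingerprint !== fingerprint(claimedKeyPem)) return 'key-mismatch';
  return decision.status; // 'verified' or 'blacklisted'
}

// Constructed sample: alice's own key, and a key a dishonest server swaps in.
function demo() {
  const pem = (key) => key.export({ type: 'spki', format: 'pem' });
  const [alice, rogue] = [0, 1].map(() => generateKeyPairSync('ed25519'));
  const store = new Map();
  recordDecision(store, 'alice', pem(alice.publicKey), 'verified');
  const genuine = signMessage(alice.privateKey, 'alice', 'hello');
  const forged = signMessage(rogue.privateKey, 'alice', 'hello');
  return [classifyMessage(store, genuine, pem(alice.publicKey)),
    classifyMessage(store, forged, pem(rogue.publicKey))];
}
console.log(demo()); // [ 'verified', 'key-mismatch' ]
```

The `key-mismatch` result is the case that keeping verification data off the server guards against: the forged message carries a valid signature, but under a key whose fingerprint the user never verified.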