ryco117 / distort-server

A reference-implementation homeserver for the research anonymity protocol, DistoRt, with broadcasting over IPFS
https://ryco117.github.io/distort-server/
GNU General Public License v3.0

Social-media based peer discovery #10

Closed ryco117 closed 5 years ago

ryco117 commented 5 years ago

Right now communication with a peer (the human identity) is only secure under the assumption that you have the correct IPFS node ID for the intended peer. Since the average computer user may find it difficult to reliably associate a human with such an abstract online entity, it may be worthwhile to automate a process for linking the IPFS identity to (multiple) social media identities. Thus anyone confident in the intended recipient's social media account(s) can confidently derive the peer's IPFS identity and then continue DistoRt communication as normal.

init-js commented 5 years ago

Yes. Public identifiers might be friendlier to use. I find it interesting that the p2p layer can use a different set of keys than the application layer.

If the user's pub keys used in the application layer (distort) protocol were posted on social media, it doesn't immediately strike me as necessary that the distort certs need to be bound to the ipfs node id (network overlay) -- the crypto itself does the routing. Trusting the identities and certs on social media allows you to "cut-the-middleman", so to speak. In other words, if all you want is to write a distort message for "@bob", knowing bob's ipfs keys may not be necessary.

That said, if the certificate on social media were to include the ipfs nodeid (or cert), there might be a neat way to verify the association with a challenge-response sent over ipfs. This construction would allow sending messages to, e.g. "the ipfs nodeid owned by @bob on twitter", or performing the opposite lookup (find the social media account attached to an ipfs node), which may be useful. Not 100% sure whether having the two ids bound has any implications on anonymity, but there's probably a careful way to do it.
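
The challenge-response suggested in the comment above, as an added example that is not part of the thread and not distort-server code. It assumes an Ed25519 key pair stands in for the IPFS node identity with the node id taken as the SHA-256 of the public key; all function names and message shapes are hypothetical, and the transport over IPFS is left out.

```javascript
// Added sketch; not distort-server code. Names and message shapes are hypothetical.
const crypto = require('crypto');

const sha256hex = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// Assumption: an Ed25519 key pair stands in for the IPFS node identity, and the
// node id is the SHA-256 of the public key (real peer IDs are multihash-encoded).
function newNode() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const pubDer = publicKey.export({ type: 'spki', format: 'der' });
  return { nodeId: sha256hex(pubDer), pubDer, privateKey };
}

// What the account owner posts publicly: a handle bound to a node id.
const makeClaim = (handle, node) => ({ handle, nodeId: node.nodeId });

// Verifier: a fresh random nonce tied to the exact claim being checked.
const makeChallenge = (claim) => ({ ...claim, nonce: crypto.randomBytes(32).toString('hex') });

// Bytes that get signed; JSON array encoding keeps field boundaries unambiguous.
const transcript = (c) =>
  Buffer.from(JSON.stringify(['distort-link-v0', c.handle, c.nodeId, c.nonce]));

// Node: answer only challenges naming its own id and its owner's handle, so a
// third party cannot get this node to endorse a claim posted under another account.
function respond(node, ownHandle, challenge) {
  if (challenge.nodeId !== node.nodeId || challenge.handle !== ownHandle) return null;
  return { pubDer: node.pubDer, sig: crypto.sign(null, transcript(challenge), node.privateKey) };
}

// Verifier: the key must hash to the claimed node id and sign this nonce.
function verifyResponse(challenge, response) {
  if (!response || sha256hex(response.pubDer) !== challenge.nodeId) return false;
  const key = crypto.createPublicKey({ key: response.pubDer, format: 'der', type: 'spki' });
  return crypto.verify(null, transcript(challenge), key, response.sig);
}

// Constructed run: honest answer, replayed answer, answer from the wrong node.
function demo() {
  const bob = newNode(), other = newNode();
  const c1 = makeChallenge(makeClaim('@bob', bob));
  const c2 = makeChallenge(makeClaim('@bob', bob));
  const r1 = respond(bob, '@bob', c1);
  const wrong = { pubDer: other.pubDer, sig: crypto.sign(null, transcript(c1), other.privateKey) };
  return { honest: verifyResponse(c1, r1), replay: verifyResponse(c2, r1), wrongNode: verifyResponse(c1, wrong) };
}
```

The check proves control of the node key named in the post; confidence that the post itself comes from the intended person still rests on trusting the social media account.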

ryco117 commented 5 years ago

Several commits ago I added a working API for retrieving and routinely linking Twitter accounts to distort identities, in an expandable way so that other platforms could potentially be used for higher assurance of the identity behind an account.

While this linking still requires that an IPFS-hash[:account-name] pair uniquely identify each user, this could potentially be a stepping stone in creating a protocol where each user (i.e., each distort user's certificate) is identified by and verified as belonging to at least one platform:identity[:subidentities]* tuple, where IPFS would become just one such possible platform.