[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Social-discuss] On the architecture of a GNU Social node

From: Ted Smith
Subject: Re: [Social-discuss] On the architecture of a GNU Social node
Date: Sun, 25 Apr 2010 15:44:55 -0400

On Sat, 2010-04-24 at 09:00 +0200, Eduardo Lima Mitev wrote:
> A have a couple of concerns about your model that you could probably 
> clarify:
>       -) Why do you consider that a core-transport differs from a 
> UI-transport, to separate them in two different components? In practice, 
> UI-transports could be used as core-transports and vice-versa in some 
> cases. (e.g. you can have DBus between two peer cores; a peer doing 
> long-polling to other peer through HTTP; a web UI connecting to a peer 
> through secure web-sockets (wss), etc).
It's certainly true that there will be a lot of overlap between core and
UI transports (for instance, I expect TCP will be the first for both).

However, the job of a core transport is for the core to communicate with
other cores, whereas the job of a UI transport is to expose enough API
for UIs to control the core. That's why I think it's worth separating
them into discrete components.

>       -) In the case of web-based UIs, we would have to figure out how to 
> properly implement the end-to-end encryption when a PGP model is used. I 
> mean, if a user A encrypts a message for user B using PGP, and B is 
> using a web-based UI, probably the peer of user B will have to 
> participate and decrypt the message, before routing it to user's browser 
> through the HTTPS channel. Solution to this would be to implement some 
> kind of logic in the Core, to allow "processing" messages as they change 
> from one transport to another.
By "peer" in "the peer of user B", do you mean "core?"

I don't want *any* encryption or decryption of the things that are
end-to-end encrypted done in the core. In the case of a web UI, we'll
have to figure out how to implement it in javascript or browser plugins.
Doing crypto on the core for traffic that operates at a conceptually
higher level than the core (user to user versus node to node) ruins the
point of end-to-end crypto.

> PS: do you connect to our IRC room #social? what's your nickname?

My IRC nick on freenode is eridu.

Attachment: signature.asc
Description: This is a digitally signed message part

reply via email to

[Prev in Thread] Current Thread [Next in Thread]