![]() ![]() It keeps secure the members of the communication: not only is the content of messages protected, but the It is a unified system that encrypts every message. using BitMessage).Bitmessage is a trustless, decentralized peer-to-peer messaging protocol (very similar to Bitcoin). really is Alice's address step 2: send a message to BM‐2nTX1Kc. I think that something like PGP's web of trust could be implemented on top of BitMessage to provide identity verification: such authentication is not incompatible with BitMessage, but it seems to be a service that would exists independent of BitMessage (i.e., step 1: verify that BM‐2nTX1Kc. The primary use for BitMessage (as presented in the paper, anyway) seems to be the ability to sent messages that are from a cryptographically verified source, but that source is free to avoid identifying themselves in any real-world way. This would allow an individual or organization to anonymously publish content using an authenticated identity to everyone who wishes to listen. Even if throw-away email addresses are used, users must connect to an email server to send and retrieve messages, revealing their IP address.Īnd when talking about broadcast messages (emphasis mine): In fact, the lack of connection between an address and a real-world entity seems to be branded as a feature: Maybe so, but if they did, that's not a problem that Bitmessage is designed to solve. then, you use the Bitmessage system to encrypt your message so it is readable only by Alice's private key.īut how did you know that BM‐2nTX1KchxgnmHvy9ntCN9r7sgKTraxczzyE is really Alice's address? Maybe someone printed out fake business cards, or hijacked Alice's website to change her address. ![]() When you have fetched the key, you quickly verify that its fingerprint matches the one in Alice's address. You make a P2P Bitmessage request to get the public key associated with BM‐2nTX1KchxgnmHvy9ntCN9r7sgKTraxczzyE. Alice advertises her Bitmessage address (e.g., on her business cards, on her public website, etc.) as BM‐2nTX1KchxgnmHvy9ntCN9r7sgKTraxczzyE. Thus, there is nothing to verify: when you send a message to user with public key P, you don't need to verify that your recipient's public key is really P, because you have identified your recipient solely by his public key.Īs for how to tell if a public key belongs to a particular real-world entity: you can't, just as you can't easily verify that a particular email address belongs to a particular real-world entity.įor example, you want to send Alice a message. It appears that a user's public key (or, a hash of their public key) is their messaging address. an example address would be: BM‐2nTX1KchxgnmHvy9ntCN9r7sgKTraxczzyE. If the public key can be obtained by the underlying protocol, then it can easily be hashed to verify that it belongs to the intended recipient. We propose a system where users exchange a hash of a public key that also functions as the user’s address. Since only the actual recipient can successfully decrypt the messages intended for him, all network participants know that if they fail to decrypt the message then the message was not intended for them. Therefore, every network participant tries to decrypt every message passing through the network even if the message was not originally intended for that network participant. Outgoing messages contain no explicit address of the recipient of the message.
0 Comments
Leave a Reply. |