[OLPC-devel] GPG and a centralized Contact list

MBurns maburns at gmail.com
Mon Sep 4 20:46:32 EDT 2006


I'd like to get some feedback on what has been done/talked about with
regards to the authentication problem of ad hoc messaging. This is
something that is repeatedly warned about on the Wiki [1] but with no
clear solution proposed.

First, with regards to the Buddy List/Contacts list, has a unified
Contact list been considered (similar in function to Apple's Address
Book), in which IM, Chat and Email (along with any other services)
could have a single framework for displaying who is available for
contact? This would likely be done using the standard vCard file
format. Having a single place for Contact management makes it easier
for children to find their existing friends on other services (one
consistent username for chat rooms, email, IM).

Extending that idea with regards to authentication; has the adoption
of GPG been considered? Imagine:

* Upon first use of the OLPC, the child's introduction/script walks
  them through filling out some basic information about themselves
  (username, password, etc).
* During this process, the script could easily generate a
  private/public key pair (a password/passphrase and some required
  entropy).
* From these two things, the script could generate a vCard representing
  that child which would include any requisite contact information,
  name/alias, location and generated public key.

Now, when any application on the Laptop wished to add a buddy (for
Instant Messaging, let's say), it would become an act of downloading
that child's vCard. This process could optionally include an exchange
of public keys (or the entire vCard) from the requesting Buddy.

With that, the two children will have exchanged contact and encryption
information. Now, when either of those children is later on a
wireless mesh network without a central server for authentication,
they will be able to cryptographically ensure that they are talking to
the right person. This also has the side benefit of being able to
encrypt/sign communication between any two 'friendly' laptops.

I am interested in any thoughts.

Michael Burns
Network Engineering
Oregon State University

[1] http://wiki.laptop.org/go/Instant_messaging_challenges
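
The key-pinning step this proposal depends on, as an added example that is not part of the original message or any OLPC code: a vCard 3.0 carries the public key in its KEY property, the contact list pins it at the first exchange, and a later peer on the mesh is checked against that pin. The class and function names, the sample key bytes and the use of SHA-256 as a stand-in for the OpenPGP fingerprint are assumptions; a "match" only shows that the presented key is the pinned one, and the peer would still have to sign a fresh challenge with GPG.

```python
import base64
import hashlib
import hmac

# Constructed sample key material (not real OpenPGP keys).
ALICE_KEY = b"constructed-public-key-bytes-for-alice" * 4
IMPOSTOR_KEY = b"constructed-key-of-a-different-laptop" * 4

def make_vcard(name, nickname, key_bytes):
    """Build a vCard 3.0 carrying the public key in a KEY property (RFC 2426)."""
    key_line = "KEY;TYPE=PGP;ENCODING=b:" + base64.b64encode(key_bytes).decode("ascii")
    # RFC 2426 folding: at most 75 characters per line, continuations start with a space.
    folded = "\r\n ".join(key_line[i:i + 74] for i in range(0, len(key_line), 74))
    return "\r\n".join(["BEGIN:VCARD", "VERSION:3.0", "FN:" + name,
                        "NICKNAME:" + nickname, folded, "END:VCARD", ""])

def parse_vcard(text):
    """Return (nickname, key_bytes); unfold continuation lines before splitting."""
    unfolded = text.replace("\r\n ", "").replace("\n ", "")
    fields = {}
    for line in unfolded.splitlines():
        head, sep, value = line.partition(":")
        if sep:
            fields[head.split(";")[0].upper()] = value
    if "NICKNAME" not in fields or "KEY" not in fields:
        raise ValueError("vCard lacks NICKNAME or KEY")
    return fields["NICKNAME"], base64.b64decode(fields["KEY"], validate=True)

def fingerprint(key_bytes):
    # Assumption: SHA-256 of the key bytes stands in for the OpenPGP fingerprint.
    return hashlib.sha256(key_bytes).hexdigest()

class ContactList:
    """Hypothetical unified contact list that pins one key per nickname."""
    def __init__(self):
        self.pins = {}  # nickname -> fingerprint recorded at first exchange

    def add_buddy(self, vcard_text):
        nick, key = parse_vcard(vcard_text)
        if nick in self.pins and self.pins[nick] != fingerprint(key):
            return "conflict"  # never overwrite an existing pin silently
        self.pins[nick] = fingerprint(key)
        return "pinned"

    def check_peer(self, nick, presented_key):
        """Offline check on the mesh; a match still needs a signed fresh challenge."""
        pinned = self.pins.get(nick)
        if pinned is None:
            return "unknown"
        same = hmac.compare_digest(pinned, fingerprint(presented_key))
        return "match" if same else "mismatch"
```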


