Distributed Address Book - monday 2003-12-15 0559 last modified 2003-12-19 0602
Categories: Nerdy

I would like to have an address book where everybody maintains their own information and the book automatically updates all contact information after perusing the web for it. I want it to be secure so spammers and general miscreants don't find out how to locate me. [Ed. retrospective: these sentences sound rather snotty. Perhaps they should read 'An ideal address book system would have...' instead of 'My opinion matters a lot...']

I've decided this little application could be best implemented by securing contact information via public/private key cryptography. Consider the following situation, and please inform me if my wits have left me.

I have public contact information, private contact information, a public key that anyone can find out, and a private key that only I know. A friend has a private key and a public key as well.

Any old person can ask for my public information and get back some subset of all information. Good for them.

A friend will send a request encrypted with their private key and signed by their public key. I have a list of trusted public keys (how I get them is not addressed at this point). If their key is on my list, I'll try to decrypt their request and verify that they indeed made it (and if either step fails, I'll log who was trying to fake it). Once I do, I'll take my private information, encrypt it with my private key, then encrypt the result with their public key. The final message will be tramsitted back to them where they'll decrypt with their private key and then decrypt with my public key (again performing verification steps to guarantee that I am who I say I am). And there you go - secure information transmitted in the clear.

I'll have to go back to my old notes to see if I made any blatant blunders in the tricky fields of authentication and security. This system requires that the URL of someone's contact information never change (and thus I would suggest getting a PURL) and that some trusted server-side computing be done.
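The exchange above can be run end to end with the standard library. This is an added example, not code from the original post, and it uses the conventional names: the private-key step is a signature, checked with the signer's public key, and the public-key step is encryption to the recipient. The textbook RSA without padding, the Mersenne-prime keys, the contact record and every function name are assumptions chosen to keep the sketch self-contained; none of them is safe for real use.

```python
import hashlib

E = 65537  # usual RSA public exponent

def keypair(p, q):  # toy RSA key from two primes: ((n, e), (n, d))
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, priv):            # private-key operation
    return pow(digest(data, priv[0]), priv[1], priv[0])
def verify(data, sig, pub):      # anyone can check with the public key
    return pow(sig, pub[1], pub[0]) == digest(data, pub[0])

def encrypt(data, pub):          # only the holder of the private key can read
    m = int.from_bytes(data, "big")
    if m >= pub[0]:
        raise ValueError("message too long for this toy key")
    return pow(m, pub[1], pub[0])
def decrypt(cipher, priv):
    m = pow(cipher, priv[1], priv[0])
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sig_len(pub):                # signatures are padded to the modulus size
    return (pub[0].bit_length() + 7) // 8

# Constructed keys and data. Mersenne primes keep this short; NOT safe RSA primes.
ME_PUB, ME_PRIV = keypair(2**521 - 1, 2**607 - 1)
FRIEND_PUB, FRIEND_PRIV = keypair(2**1279 - 1, 2**2203 - 1)
TRUSTED = {FRIEND_PUB}           # my list of trusted public keys
PRIVATE_INFO = b"phone=555-0100;street=1 Example Way"
rejected = []                    # keys that failed a check ("log who was faking")

def serve(request, sig, claimed_pub):
    """My side: answer only a listed key whose signature on the request verifies."""
    if claimed_pub not in TRUSTED or not verify(request, sig, claimed_pub):
        rejected.append(claimed_pub)
        return None
    tag = sign(PRIVATE_INFO, ME_PRIV).to_bytes(sig_len(ME_PUB), "big")
    return encrypt(PRIVATE_INFO + tag, claimed_pub)

def read_reply(cipher, my_priv, sender_pub):
    """Friend's side: decrypt, then accept the data only if my signature verifies."""
    blob = decrypt(cipher, my_priv)
    info, tag = blob[:-sig_len(sender_pub)], blob[-sig_len(sender_pub):]
    return info if verify(info, int.from_bytes(tag, "big"), sender_pub) else None
```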

Comments

no, you've totally messed it up... you misspelled "tramsitted".

Matt Libby on December 16, 2003 03:45 PM

Sigh, I knew I was just being delusional.

Ryan Lee on December 19, 2003 05:32 AM
