This is an RFC stage spec. It means it is not yet mature, and you are more than welcome to help refine it. The preferred avenue is through making comments below.
1. At startup, program[i] reads from local configuration files[ii] :
- A public/private keypair[iii] ; a "for" key fingerprint[iv] ; a local salt.
- A list of IPs, each with an associated public key, a "for" field containing a key fingerprint, a pgp-signed document by the "for" key certifying the validity of the IP's public key with an expiration unixtime[v] in case the "for" field differs, and a nickname.
- A list of key fingerprints, with associated trust ratings as signed integer and a comment, signed by the "for" key.
2. Program connects to each of the IPs listed on port 1337, sends a Hello packet encrypted to that IP's public key containing its public key, its "for" fingerprint, a signed certificate for the IP fingerprint if necessary, a session salt derived from hashing[vi] some source of entropy[vii] with its local salt, and a nonce. Each subsequent packet will increment that nonce by 1.
3. While functioning, program will accept connections on 1337 by listed IPs only.
4. While functioning, program will maintain a bundle of current public messages, composed of the "for" key fingerprint, a timestamp, a text field. Every second, for each IP in its list, program will add a hash of the timestamp with the proper session salt for each session, encrypt the bundle to that session's destination IP and send it over.
5. While functioning, program will process bundles sent by open sessions, decrypting the sent bundle, verifying timestamp hash matches timestamp, and updating its own bundle to insert any missing messages. Any errors or unexpected conditions are dropped to log.
6. While functioning, program will display current bundle of messages to user, something like :
FB0A C0EB 867C 3172 ADCF 5DD1 46FD 816F 1020 ED78 for 6160 E1CA C8A3 C529 66FD 7699 8A73 6F0E 2FB7 B452 1420477939 Hi there
The "fingerprint for fingerprint" part should be maskable by the user, through allocating any arbitrary nickname he wishes to any fingerprint or combination thereof.
7. While functioning, program will accept messages from the user, format them accordingly and insert them in its current bundle.
8. Private message functionality should be implemented as direct-link exceptions : messages received from an IP and originating from that same IP are to be treated as private messages to the user, not included in the public bundle and reported separately.
9. Program will not communicate the IPs of any of its correspondents to any of its correspondents. Program will not respond to any requests coming on port 1337 from IPs not in its list.
10. Program will compile the Web of Trust based on the signed lists received from its correspondents and display it to the user.
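An added sketch (not part of the original spec, nor of any implementation of it) of the session-salt, timestamp-hash and nonce handling from steps 2, 4 and 5. The byte encodings, the length-prefixed hash input, the receiver-side nonce check and all names are assumptions; encryption and signing are left out.

```python
import hashlib
import hmac
import os

def sha512(*parts: bytes) -> bytes:
    # Length-prefixing each part is an assumption; the spec fixes only SHA-512.
    h = hashlib.sha512()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def new_session_salt(local_salt: bytes, entropy: bytes = b"") -> bytes:
    # Step 2: hash some entropy (urandom by default) with the local salt.
    return sha512(entropy or os.urandom(64), local_salt)

def timestamp_tag(timestamp: int, session_salt: bytes) -> bytes:
    # Step 4: hash of the timestamp with this session's salt.
    return sha512(str(timestamp).encode("ascii"), session_salt)

class Session:
    """Receiver-side state for one listed IP (hypothetical structure)."""

    def __init__(self, session_salt: bytes, hello_nonce: int):
        self.salt = session_salt
        self.next_nonce = hello_nonce + 1  # each later packet increments by 1
        self.log = []

    def accept(self, nonce: int, timestamp: int, tag: bytes) -> bool:
        # Step 5: anything unexpected is dropped to the log, not processed.
        if nonce != self.next_nonce:
            self.log.append(f"nonce {nonce}, expected {self.next_nonce}")
            return False
        if not hmac.compare_digest(tag, timestamp_tag(timestamp, self.salt)):
            self.log.append(f"timestamp hash mismatch for {timestamp}")
            return False
        self.next_nonce += 1
        return True

def demo():
    # Constructed values; fixed entropy only so the run is repeatable.
    salt_a = new_session_salt(b"constructed-local-salt", b"\x01" * 64)
    salt_b = new_session_salt(b"constructed-local-salt", b"\x02" * 64)
    rx, ts = Session(salt_a, hello_nonce=41), 1420477939
    fresh = rx.accept(42, ts, timestamp_tag(ts, salt_a))
    replayed = rx.accept(42, ts, timestamp_tag(ts, salt_a))
    wrong_session = rx.accept(43, ts, timestamp_tag(ts, salt_b))
    return fresh, replayed, wrong_session, rx.log

if __name__ == "__main__":
    print(demo())
```

The replayed packet fails on the nonce and the packet tagged under another session's salt fails on the timestamp hash; both land in the log and neither advances the expected nonce.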
UPDATE, Jan 6th : As per discussion on b-a, Artifexd will be in charge of this project.
———
[i] You can write it in whatever you please as long as it compiles on linux.
[ii] These must be text files.
[iii] Steal gpg code - any version prior to the Snowden defection.
[iv] Full fingerprints are always used, everywhere, throughout.
[v] There should be a special, fixed format for these.
[vi] All references to hashing require sha-512, no exception.
[vii] Such as urandom.