Silk Road forums
Support => Feature requests => Topic started by: Tienamen on June 24, 2012, 11:39 pm
-
Hi-
I know a lot on SR don't understand Public/Private Key Encryption. However, for those that understand it and use it, I would like to have a place to post my public key where all users (mostly vendors) can find it without having to paste it into every single first time communication with a vendor (or every first time communication ever - most don't hang onto buyers' public keys, and I don't mind).
Even if you somehow validated the input so it only was a PGP key or something would be good... Don't want buyers posting random things on their pages probably (or selling outside the system).
If you validated inputs, you could perhaps force key strength as well - some vendors posted public keys are VERY short - meaning they're less useful than they should be. If you take the time to do it, may as well make it as strong as possible.
(Reminder that everyone should put their private keys on a USB drive, use free space wiper (over-write with random data) and keep it handy for quick destruction - manual or otherwise.)
-
it would be nice to have on the store, but a custom profile field in the forums for pgp key is doable on some forum software, and I am sure it can be done on SMF also.
-
I know a lot on SR don't understand Public/Private Key Encryption. However, for those that understand it and use it, I would like to have a place to post my public key where all users (mostly vendors) can find it without having to paste it into every single first time communication with a vendor (or every first time communication ever - most don't hang onto buyers' public keys, and I don't mind).
That would be very nice. Currently I use the forum thread for GPG keys and the Indymedia keyserver (which will almost certainly sync with clearnet keyservers). There are links to both in my signature.
Even if you somehow validated the input so it only was a PGP key or something would be good... Don't want buyers posting random things on their pages probably (or selling outside the system).
That should be doable. Although if it is just verifying an armoured block it would be possible to add an unencrypted ASCII-armoured block containing whatever text you wanted and the public key. That's not done as often these days, but it is still possible.
If you validated inputs, you could perhaps force key strength as well - some vendors posted public keys are VERY short - meaning they're less useful than they should be. If you take the time to do it, may as well make it as strong as possible.
You mean like this:
http://dkn255hz262ypmii.onion/index.php?topic=28474.0
-
I support this idea.
I'd like every user profile on this forum to have room for the following data:
- GnuPG Public Key
- GnuPG finger print
- Tormail Address
- Bitcoin Address
-
I support this idea.
I'd like every user profile on this forum to have room for the following data:
- GnuPG Public Key
- GnuPG finger print
- Tormail Address
- Bitcoin Address
Look at my sig. All those details are there (my key includes the Tor Mail address, anyone importing it will see that).
-
Look at my sig. All those details are there (my key includes the Tor Mail address, anyone importing it will see that).
Yes I saw that, and it´s a neat solution. However that eliminates the possibility to use your signature lines for.. well.. your actual signature line.
A dedicated space in the user profile seems like a more elegant solution.
Edit:
For vendors, a link to their listings could be added. Making the list:
- Silk Road Vendor profile
- GnuPG Public Key
- GnuPG finger print
- Tormail Address
- Bitcoin Address
-
Look at my sig. All those details are there (my key includes the Tor Mail address, anyone importing it will see that).
Yes I saw that, and it´s a neat solution. However that eliminates the possibility to use your signature lines for.. well.. your actual signature line.
Thanks, I'm certainly not the only one to do it though. As for other signature lines, I'm actually happy leaving it as it is. What else am I going to do? Quote Angel Heart?
Still, I see why others might prefer that information be elsewhere. I like not having to visit a separate page from a specific post to obtain a GPG key (other than where the key is).
A dedicated space in the user profile seems like a more elegant solution.
There is, of course, no reason why we can't have both. Which is why I support this.
Edit:
For vendors, a link to their listings could be added. Making the list:
- Silk Road Vendor profile
- GnuPG Public Key
- GnuPG finger print
- Tormail Address
- Bitcoin Address
Some already do.
-
Glad to see some are interested in this.... I just feel that as SR progresses, Strong Crypto will be part of what can help keep this community alive and happy.
Making a place dedicated to including this information I feel would be great. I have done the same as others including it in my sig on the forum. However, as I have different users for the forum and purchasing, I would like a place on SR the marketplace and SR the forum to post this info for all to see. Where all will know where to look...
Only a suggestion. I can live with the current state of affairs as well if necessary... Just took a little looking around to figure out how others are posting public keys... It isn't immediately apparent for new users as to where they can share their Public Key info....
-
it would be nice to have on the store, but a custom profile field in the forums for pgp key is doable on some forum software, and I am sure it can be done on SMF also.
It can be done on SMF, it is very easy and does not even require a mod to the board. You can do it in the admin menus. It is done on the Shroomtastic board and is set to display in the profile.
Seems like an easy enough change and one that would greatly help us using the SR Forum board and SR.
-
Thanks James! Glad to see some info on back-end of SMF. I would like to fomally suggest this to SRF Admins - if anyone reads this, please pass along.
I too feel it would be a good addition and added security for exchange of private conversations through the Forum. I still would like to push for the same functionality to be built into SR Buying/Selling platforms as well if possible.
-
I don't know what the purpose is of posting your PGP Fingerprint...
-
Thanks James! Glad to see some info on back-end of SMF. I would like to fomally suggest this to SRF Admins - if anyone reads this, please pass along.
They look great in the profile. Just added a text box field and set it to display in the profile. Here is a link to the profile on my SMF system.
http://xqz3u5drneuzhaeo.onion/users/jameslink/Forums/index.php?action=profile;u=2
-
I don't know what the purpose is of posting your PGP Fingerprint...
The fingerprint is used to correctly identify a key. Anyone can create a key in any name. I could, for example, create a key in the name of any of the vendors here and put it on the keyservers, but if a buyer confirms the fingerprint of a vendor's key by some other means (e.g. the SR message system) they can see that the key they may have obtained doesn't match. The correct fingerprint can the be used to obtain a key (if it is on the keyservers) and confirm it is correct.
Keys used by people with their real names are compared to fingerprints so that they can be publicly signed (as distinct from locally signed) to become part of the Web of Trust.
To see a list of obviously faked keys, go here:
http://qtt2yl5jocgrk7nu.onion/pks/lookup?search=president%40whitehouse.gov&op=vindex&submit=+Search+
To see a key in the Web of Trust with a large number of signatures, go here:
http://qtt2yl5jocgrk7nu.onion/pks/lookup?search=0xF5C75256&op=vindex&fingerprint=on&submit=+Search+
That second one is a Debian developer who has done a fair bit of crypto work. Another good example from within the Web of Trust is Werner Koch, the author of GPG:
http://qtt2yl5jocgrk7nu.onion/pks/lookup?search=0x1E42B367&op=vindex&fingerprint=on&submit=+Search+
-
I don't know what the purpose is of posting your PGP Fingerprint...
If you got the key somewhere else, then you can use the GPG fingerprint to check if it's the same one.
-
Glad to see people think this is a good idea. I just think that facilitating use of PGP on the site wherever possible would be a VERY good idea. Hopefully an admin comes across this....