March 19th, 2002

belize

Verifiable AIM conversations

Digitally signed messages are cool, but it requires the entire message be signed and sent-along to be verified. I thought it'd be cool if you could get a digitally signed message from somebody, forward a snippet of it along to somebody else, and still have that snippet be verifiable. (please, stop... I know all the arguments against why this would be a bad thing.)

But, I got thinking about the topic of verifiable AIM conversations. There, the idea of verifying any range of a conversation is important, especially as there is no state to an IM "session" with somebody.

So what we need is rolling signing. But you can't just have the server sign each line of text back and forth, though, because then lines of text can be removed/reordered and it'd still pass as authentic.

My idea: the server gives each line of conversation a unique identifier, and stamps each line with the identifier of the most immediately preceding line of text in the conversation (whether it be from either party), so long as it's within the last few hours (so the server doesn't have to store n^2 "lastid" strings). And a signature of its server key, which may change over time. Then, the server also sends back to the clients:

uniqueid
lastid
text (which includes, say, the "From:" field, for simplification)
HashOfChoice( uniqid + lastid + text + server_key )

Now, the client logs all that (just as gaim and other clients do), and AIM provides a verify service in the TOC/OSCAR protocol where you give uniqueid/lastid/text/hash and see if the hash is valid.

The server won't need to care about deleting/reordering validation ... that can all be done by the client with the uniqueid/lastid fields. And if a part is deleted, the client can just say, "these two ranges are verified, but something's missing here."

The only extra cost for the server is maintaining the "lastid" fields, which are temporal.

Beautiful, no? Then people could actually prove snippets of AIM conversations took place and weren't forged.

Punch a hole in my idea, cryptanalysts!
belize

Sugar DVD

My last entry was too geeky, so....

My buddy friend Todd, the dude that taught me Unix and held my hand for many many months while I made freevote.com, has just launched his new website, which I will now promote:

http://www.sugardvd.com/

Todd and Jesse rule. Go sign up with Sugar DVD and get yourself some porn.

Thank you.
That is all.

P.S. I have another friend that's launching a bad-ass service in a couple months that I want to promote the hell out of. But it's top secret. Sorry. More on that in a couple months. That is all. Bye.
belize

XML, Dick's, and force fields.

I went to SPUG, hoping to both see Evan and learn something, but Evan wasn't there and the spoon-feeding of XML syntax bored me within minutes and I left to find food.

After Dick's I pondered the social and ethical implications of impossible ideas like a force field around cars that would stop moving if contacted, such that one would be invinsible so long as the collision came from the side or back. Implication: the person hitting you would get fucked up a lot more.

Still tired, as a result of last night's Dante's lateness. Much to write tonight, though finding the energy will be difficult.
belize

85hz... rock

So, I have two ADI 6P monitors side-by-side. One I had in 85 Hz, the other was in 75. I noticed the slower one kinda flickering and thought, "damn, how long's it been like that?" I bumped it up and damn it be lookin' fine.

That is all.

Revised topic: tell me your dreams about me.