#indiewebcamp

2011-07-31

lmorchard joined #indiewebcamp
gazoombo joined #indiewebcamp
spinnerin joined #indiewebcamp
tantek joined #indiewebcamp
spinnerin joined #indiewebcamp
spinnerin joined #indiewebcamp
spinnerin_ joined #indiewebcamp
<Loqi> [http://twitter.com/aaronpk] Turns out when you work under the #indieweb assumption that every person has their own domain, many problems become a lot easier to solve.
tantek joined #indiewebcamp
brennannovak joined #indiewebcamp
gazoombo joined #indiewebcamp
brennannovak joined #indiewebcamp
brennannovak joined #indiewebcamp
tantek joined #indiewebcamp
<aaronpk> tantek: I have a working prototype of IndieWeb Messaging!
<tantek> whoa!
<tantek> between which two sites?
<aaronpk> right now, myself and myself
<tantek> sweet!
<aaronpk> I'm going to put the code on github and get brennan to install it since he's right here next to me
<tantek> describe the protocol flow
<tantek> you're both at PIE?
<aaronpk> yea
<aaronpk> you're welcome to come by if you need a cool place to hack!
<tantek> aww - would except just got settled in with @erinjo at Crema on 28th
<aaronpk> ah cool
<aaronpk> ok i'll describe the flow, then I want to write a post about it
<aaronpk> I start out by logging in to my server, and go to the "new message" form: http://aaron.pk/snip/2011-07-31_1609.png
<aaronpk> I enter tantek.com and my message and hit "send"
<aaronpk> My server generates a unique message ID for this message and stores it locally,
<tantek> right, indieweb local storage of sent messages
<aaronpk> then it makes a POST request to http://tantek.com/ with this body: from:aaronparecki.com&text=hello&message_id=1234567890
<tantek> personal archive of all things you create - exactly
<aaronpk> Your server recognizes the POST request and message ID and attempts to verify that aaronparecki.com really did originate the message,
<aaronpk> it does this by sending a POST back to http://aaronparecki.com/ with the message_id parameter, and my server responds "confirmed" or "denied"
<aaronpk> if my server responds "confirmed", your server continues and delivers the message to you however you have it set up to do it
<tantek> ok, that's a good first iteration, now what about the potential abuse for DoS?
<aaronpk> this doesn't solve DoS or spam, but does confirm intent
<tantek> e.g. zombie army sends out posts to tons of other servers claiming to be delivering a message from yahoo.com
<tantek> then all those other servers immediately send the POST back to yahoo.com with the message_id param = DoS attack
<tantek> basically, with a simple cleartext callback, you can cause the callback to occur to another server = DoS potential
<aaronpk> right, but it was the simplest solution I could think of, I wanted to start from there and work forward
<tantek> makes sense
<aaronpk> I think the next best may actually be a public/private key solution to sign the message, but that starts getting complicated fast
<tantek> sure - PKI
<tantek> what about DNS lookup against the claimed from URL and seeing if it matches the IP of the sender?
<aaronpk> That works most of the time, but in my case it would actually fail.
<tantek> would that make for a simple 1 server with 1 IP workable solution?
<aaronpk> My server has three external IP addresses so its default gateway is not aaronparecki.com's IP
<aaronpk> but it would work if the server has only one external IP
<aaronpk> it would also be insecure if there were multiple domains on the same IP
<tantek> well, spoofable in those situations
<tantek> which is common in shared hosting setups
<aaronpk> right
<tantek> (I have that myself)
<tantek> do your 3 outbound addresses have unique subdomains?
<aaronpk> they are unique domains, not just subdomains
<aaronpk> email solves this problem by delegating via MX records, and uses SPF to create a whitelist of other servers that are allowed to send mail on that domain's behalf
<tantek> I feel like rel-me could help here
<aaronpk> can you elaborate?
<tantek> The problem here is trusting domains on behalf of other domains
<tantek> solving this would also solve a store-and-forward scenario.
<tantek> where you could pass a message to another server if the intended server was temporarily down, and have some agreement/policy on retry or drop within 24 hours or something
<aaronpk> isn't the problem being able to prove you are who you say you are?
<tantek> two problems
<tantek> 1) with 1 shared IP across multiple untrusted domains, avoid message falsification
<tantek> 2) with a domain that uses multiple IPs to send (each of which have their own domains) having a way to say, you can trust domain A on behalf of domain B
<tantek> 2) might be solvable with rel-me
<tantek> 1) is more challenging
<aaronpk> I feel like email has already solved #2 as well as store-and-forward
<aaronpk> there are also some decent solutions to #1 with email, but it quickly gets complicated to implement
<tantek> I think email got overly complicated because of the users at domains problem
<tantek> and it's obviously subject to spam
<tantek> so part of the goal here is to make it so that the protocol makes it too expensive to be worth being a spammer
<tantek> with from-domain verification
<aaronpk> brennannovak: https://github.com/aaronpk/IndieWeb-Messaging
<aaronpk> alright! We got it talking between aaronparecki.com and brennanovak.com now!
<aaronpk> brennannovak.com*
<brennannovak> w00t!!!!!!
<tantek> congrats aaronpk and brennannovak!
brennannovak joined #indiewebcamp
tantek joined #indiewebcamp
<tantek> aaronpk - sounds like you should add that Indieweb-messaging github to http://indiewebcamp.com/Projects :)
<tantek> so here's the question re: indieweb-messaging prove you are who you say you are -
<tantek> can OAuth 2.0 solve this problem for us?
tantek joined #indiewebcamp
<Loqi> [[User:Aaronpk]] http://indiewebcamp.com/wiki/index.php?diff=632&oldid=146&rcid=706 * Aaronpk * (+66) /* projects */
<Loqi> [[Special:Log/upload]] overwrite * Aaronpk * uploaded a new version of "[[File:aaronpk.jpg]]"
<Loqi> [[User:Aaronpk]] M http://indiewebcamp.com/wiki/index.php?diff=634&oldid=632&rcid=708 * Aaronpk * (-36) /* Aaron Parecki */
<Loqi> [[projects]] http://indiewebcamp.com/wiki/index.php?diff=635&oldid=626&rcid=709 * Aaronpk * (+698) /* experimental */ added info and links for IndieWeb Messaging
tantek joined #indiewebcamp
<aaronpk> good evening tantek!
<tantek> good evening!
<aaronpk> I talked about this protocol with Kyle and Brian this evening a bit
<aaronpk> We were thinking about other ways to handle identification
<aaronpk> but didn't come up with anything really compelling
<aaronpk> OAuth 2 doesn't really help, since OAuth is more about granting access to an existing account, and there are always three parties involved
<aaronpk> proving who you say you are will ultimately always require contact with the person in question, so it becomes either 1) ask if they sent the message, or 2) use their public key to verify the signature of the message
<aaronpk> that was our conclusion
tantek joined #indiewebcamp
<aaronpk> alright got a writeup http://aaronparecki.com/IndieWeb_Messaging
<aaronpk> brennannovak: ^^
<tantek> 1 sec bbiab
<tantek> oops
<aaronpk> cool well I'm pretty happy with the writeup and the live demo!
<aaronpk> not bad for a half day of hacking
<tantek> seriously - nicely done
<aaronpk> thanks!
<aaronpk> the post is supposed to be not overwhelming, so the reader might feel like they could implement it on their own site relatively easily, and not necessarily using the code I wrote
<brennannovak> very nice writeup aaronpk: great job!