#indiewebcamp

2011-07-31

# lmorchard joined #indiewebcamp
# gazoombo joined #indiewebcamp
# spinnerin joined #indiewebcamp
# tantek joined #indiewebcamp
# spinnerin joined #indiewebcamp
# spinnerin joined #indiewebcamp
# spinnerin_ joined #indiewebcamp
#
Loqi
[http://twitter.com/aaronpk] Turns out when you work under the #indieweb assumption that every person has their own domain, many problems become a lot easier to solve.
# tantek joined #indiewebcamp
# brennannovak joined #indiewebcamp
# gazoombo joined #indiewebcamp
# brennannovak joined #indiewebcamp
# brennannovak joined #indiewebcamp
# tantek joined #indiewebcamp
#
aaronpk
tantek: I have a working prototype of IndieWeb Messaging!
#
tantek
whoa!
#
tantek
between which two sites?
#
aaronpk
right now, myself and myself
#
tantek
sweet!
#
aaronpk
I'm going to put the code on github and get brennan to install it since he's right here next to me
#
tantek
describe the protocol flow
#
tantek
you're both at PIE?
#
aaronpk
yea
#
aaronpk
you're welcome to come by if you need a cool place to hack!
#
tantek
aww - would except just got settled in with @erinjo at Crema on 28th
#
aaronpk
ah cool
#
aaronpk
ok i'll describe the flow, then I want to write a post about it
#
aaronpk
I start out by logging in to my server, and go to the "new message" form: http://aaron.pk/snip/2011-07-31_1609.png
#
aaronpk
I enter tantek.com and my message and hit "send"
#
aaronpk
My server generates a unique message ID for this message and stores it locally,
#
tantek
right, indieweb local storage of sent messages
#
aaronpk
then it makes a POST request to http://tantek.com/ with this body: from:aaronparecki.com&text=hello&message_id=1234567890
#
tantek
personal archive of all things you create - exactly
#
aaronpk
Your server recognizes the POST request and message ID and attempts to verify that aaronparecki.com really did originate the message,
#
aaronpk
it does this by sending a POST back to http://aaronparecki.com/ with the message_id parameter, and my server responds "confirmed" or "denied"
#
aaronpk
if my server responds "confirmed", your server continues and delivers the message to you however you have it set up to do it
#
tantek
ok, that's a good first iteration, now what about the potential abuse for DoS?
#
aaronpk
this doesn't solve DoS or spam, but does confirm intent
#
tantek
e.g. zombie army sends out posts to tons of other servers claiming to be delivering a message from yahoo.com
#
tantek
then all those other servers immediately send the POST back to yahoo.com with the message_id param = DoS attack
#
tantek
basically, with a simple cleartext callback, you can cause the callback to occur to another server = DoS potential
#
aaronpk
right, but it was the simplest solution I could think of, I wanted to start from there and work forward
#
tantek
makes sense
#
aaronpk
I think the next best may actually be a public/private key solution to sign the message, but that starts getting complicated fast
#
tantek
sure - PKI
#
tantek
what about DNS lookup against the claimed from URL and seeing if it matches the IP of the sender?
#
aaronpk
That works most of the time, but in my case it would actually fail.
#
tantek
would that make for a simple 1 server with 1 IP workable solution?
#
aaronpk
My server has three external IP addresses so its default gateway is not aaronparecki.com's IP
#
aaronpk
but it would work if the server has only one external IP
#
aaronpk
it would also be insecure if there were multiple domains on the same IP
#
tantek
well, spoofable in those situations
#
tantek
which is common in shared hosting setups
#
aaronpk
right
#
tantek
(I have that myself)
#
tantek
do your 3 outbound addresses have unique subdomains?
#
aaronpk
they are unique domains, not just subdomains
#
aaronpk
email solves this problem by delegating via MX records, and uses SPF to create a whitelist of other servers that are allowed to send mail on that domain's behalf
#
tantek
I feel like rel-me could help here
#
aaronpk
can you elaborate?
#
tantek
The problem here is trusting domains on behalf of other domains
#
tantek
solving this would also solve a store-and-forward scenario.
#
tantek
where you could pass a message to another server if the intended server was temporarily down, and have some agreement/policy on retry or drop within 24 hours or something
#
aaronpk
isn't the problem being able to prove you are who you say you are?
#
tantek
two problems
#
tantek
1) with 1 shared IP across multiple untrusted domains, avoid message falsification
#
tantek
2) with a domain that uses multiple IPs to send (each of which have their own domains) having a way to say, you can trust domain A on behalf of domain B
#
tantek
2) might be solvable with rel-me
#
tantek
1) is more challenging
#
aaronpk
I feel like email has already solved #2 as well as store-and-forward
#
aaronpk
there are also some decent solutions to #1 with email, but it quickly gets complicated to implement
#
tantek
I think email got overly complicated because of the users at domains problem
#
tantek
and it's obviously subject to spam
#
tantek
so part of the goal here is to make it so that the protocol makes it too expensive to be worth being a spammer
#
tantek
with from-domain verification
#
aaronpk
brennannovak: https://github.com/aaronpk/IndieWeb-Messaging
#
aaronpk
alright! We got it talking between aaronparecki.com and brennanovak.com now!
#
aaronpk
brennannovak.com*
#
brennannovak
w00t!!!!!!
#
tantek
congrats aaronpk and brennannovak!
# brennannovak joined #indiewebcamp
# tantek joined #indiewebcamp
#
tantek
aaronpk - sounds like you should add that Indieweb-messaging github to http://indiewebcamp.com/Projects :)
#
tantek
so here's the question re: indieweb-messaging prove you are who you say you are -
#
tantek
can OAuth 2.0 solve this problem for us?
# tantek joined #indiewebcamp
#
aaronpk
edited /User:Aaronpk (+66) "/* projects */" (view diff)
#
aaronpk
edited /Special:Log/upload () "uploaded a new version of "[[File:aaronpk.jpg]]"" (view diff)
#
aaronpk
edited /User:Aaronpk (-36) "/* Aaron Parecki */" (view diff)
#
aaronpk
edited /projects (+698) "/* experimental */ added info and links for IndieWeb Messaging" (view diff)
# tantek joined #indiewebcamp
#
aaronpk
good evening tantek!
#
tantek
good evening!
#
aaronpk
I talked about this protocol with Kyle and Brian this evening a bit
#
aaronpk
We were thinking about other ways to handle identification
#
aaronpk
but didn't come up with anything really compelling
#
aaronpk
OAuth 2 doesn't really help, since OAuth is more about granting access to an existing account, and there are always three parties involved
#
aaronpk
proving who you say you are will ultimately always require contact with the person in question, so it becomes either 1) ask if they sent the message, or 2) use their public key to verify the signature of the message
#
aaronpk
that was our conclusion
# tantek joined #indiewebcamp
#
aaronpk
alright got a writeup http://aaronparecki.com/IndieWeb_Messaging
#
aaronpk
brennannovak: ^^
#
tantek
1 sec bbiab
#
tantek
oops
#
aaronpk
cool well I'm pretty happy with the writeup and the live demo!
#
aaronpk
not bad for a half day of hacking
#
tantek
seriously - nicely done
#
aaronpk
thanks!
#
aaronpk
the post is supposed to be not overwhelming, so the reader might feel like they could implement it on their own site relatively easily, and not necessarily using the code I wrote
#
brennannovak
very nice writeup aaronpk: great job!