16:05 <aaronpk> tantek: I have a working prototype of IndieWeb Messaging!

16:06 <tantek> whoa!

16:06 <tantek> between which two sites?

16:06 <aaronpk> right now, myself and myself

16:06 <tantek> sweet!

16:06 <aaronpk> I'm going to put the code on github and get brennan to install it since he's right here next to me

16:06 <tantek> describe the protocol flow

16:06 <tantek> you're both at PIE?

16:06 <aaronpk> yea

16:07 <aaronpk> you're welcome to come by if you need a cool place to hack!

16:07 <tantek> aww - would except just got settled in with @erinjo at Crema on 28th

16:07 <aaronpk> ah cool

16:07 <aaronpk> ok i'll describe the flow, then I want to write a post about it

16:10 <aaronpk> I start out by logging in to my server, and go to the "new message" form: http://aaron.pk/snip/2011-07-31_1609.png

16:10 <aaronpk> I enter tantek.com and my message and hit "send"

16:10 <aaronpk> My server generates a unique message ID for this message and stores it locally,

16:10 <tantek> right, indieweb local storage of sent messages

16:10 <aaronpk> then it makes a POST request to http://tantek.com/ with this body: from:aaronparecki.com&text=hello&message_id=1234567890

16:11 <tantek> personal archive of all things you create - exactly

16:11 <aaronpk> Your server recognizes the POST request and message ID and attempts to verify that aaronparecki.com really did originate the message,

16:11 <aaronpk> it does this by sending a POST back to http://aaronparecki.com/ with the message_id parameter, and my server responts "confirmed" or "denied"

16:12 <aaronpk> if my server responds "confirmed", your server continues and delivers the message to you however you have it set up to do it

16:12 <tantek> ok, that's a good first iteration, now what about the potential abuse for DoS?

16:12 <aaronpk> this doesn't solve DoS or spam, but does confirm intent

16:12 <tantek> e.g. zombie army sends out posts to tons of other servers claiming to be delivering a message from yahoo.com

16:13 <tantek> then all those other servers immediately send the POST back to yahoo.com with the message_id param = DoS attack

16:13 <tantek> basically, with a simple cleartext callback, you can cause the callback to occur to another server = DoS potential

16:14 <aaronpk> right, but it was the simplest solution I could think of, I wanted to start from there and work forward

16:14 <tantek> makes sense

16:14 <aaronpk> I think the next best may actually be a public/private key solution to sign the message, but that starts getting complicated fast

16:15 <tantek> sure - PKI

16:16 <tantek> what about DNS lookup against the claimed from URL and seeing if it matches the IP of the sender?

16:16 <aaronpk> That works most of the time, but in my case it would actually fail.

16:16 <tantek> would that make for a simple 1 server with 1 IP workable solution?

16:17 <aaronpk> My server has three external IP addresses so its default gateway is not aaronparecki.com's IP

16:17 <aaronpk> but it would work if the server has only one external IP

16:17 <aaronpk> it would also be insecure if there were multiple domains on the same IP

16:18 <tantek> well, spoofable in those situations

16:18 <tantek> which is common in shared hosting setups

16:19 <aaronpk> right

16:20 <tantek> (I have that myself)

16:20 <tantek> do your 3 outbound addresses have unique subdomains?

16:21 <aaronpk> they are unique domains, not just subdomains

16:22 <aaronpk> email solves this problem by delegating via MX records, and uses SPF to create a whitelist of other servers that are allowed to send mail on that domain's behalf

16:22 <tantek> I feel like rel-me could help here

16:25 <aaronpk> can you elaborate?

16:27 <tantek> The problem here is trusting domains on behalf of other domains

16:27 <tantek> solving this would also solve a store-and-forward scenario.

16:27 <tantek> where you could pass a message to another server if the intended server was temporarily down, and have some agreement/policy on retry or drop within 24 hours or something

16:27 <aaronpk> isn't the problem being able to prove you are who you say you are?

16:28 <tantek> two problems

16:28 <tantek> 1) with 1 shared IP across multiple untrusted domains, avoid message falsification

16:29 <tantek> 2) with a domain that uses multiple IPs to send (each of which have their own domains) having a way to say, you can trust domain A on behalf of domain B

16:29 <tantek> 2) might be solvable with rel-me

16:29 <tantek> 1) is more challenging

16:30 <aaronpk> I feel like email has already solved #2 as well as store-and-forward

16:30 <aaronpk> there are also some decent solutions to #1 with email, but it quickly gets complicated to implement

16:32 <tantek> I think email got overly complicated because of the users at domains problem

16:32 <tantek> and it's obviously subject to spam

16:32 <tantek> so part of the goal here is to make it so that the protocol makes it too expensive to be worth being a spammer

16:32 <tantek> with from-domain verification

16:36 <aaronpk> brennannovak: https://github.com/aaronpk/IndieWeb-Messaging

17:32 <aaronpk> alright! We got it talking between aaronparecki.com and brennanovak.com now!

17:32 <aaronpk> brennannovak.com*

17:35 <brennannovak> w00t!!!!!!

17:39 <tantek> congrats aaronpk and brennannovak!

18:37 <tantek> aaronpk - sounds like you should add that Indieweb-messaging github to http://indiewebcamp.com/Projects :)

18:38 <tantek> so here's the question re: indieweb-messaging prove you are who you say you are -

18:38 <tantek> can OAuth 2.0 solve this problem for us?

20:34 <Loqi> [[Special:Log/upload]] overwrite * Aaronpk * uploaded a new version of "[[File:aaronpk.jpg]]"

21:53 <aaronpk> good evening tantek!

21:53 <tantek> good evening!

21:53 <aaronpk> I talked about this protocol with Kyle and Brian this evening a bit

21:54 <aaronpk> We were thinking about other ways to handle identification

21:55 <aaronpk> but didn't come up with anything really compelling

21:56 <aaronpk> OAuth 2 doesn't really help, since OAuth is more about granting access to an existing account, and there are always three parties involved

21:57 <aaronpk> proving who you say you are will ultimately always require contact with the person in question, so it becomes either 1) ask if they sent the message, or 2) use their public key to verify the signature of the message

21:57 <aaronpk> that was our conclusion

22:37 <aaronpk> alright got a writeup http://aaronparecki.com/IndieWeb_Messaging

22:38 <aaronpk> brennannovak: ^^

22:39 <tantek> 1 sec bbiab

23:22 <tantek> oops

23:24 <aaronpk> cool well I'm pretty happy with the writeup and the live demo!

23:24 <aaronpk> not bad for a half day of hacking

23:25 <tantek> seriously - nicely done

23:26 <aaronpk> thanks!

23:27 <aaronpk> the post is supposed to be not overwhelming, so the reader might feel like they could implement it on their own site relatively easily, and not necessarily using the code I wrote

23:31 <brennannovak> very nice writeup aaronpk: great job!