xj9 / sora



tracker pki

%TD3ksI96kMoZfKzh1TGfEtA8k+ZOlADfvWStJphTPZ8=.sha256
Open · xj9 opened this issue on 3/15/2020, 6:14:25 PM

tracker pki

in order to secure pet names and other information in tracker applications, we need some way to bootstrap secure comms and encrypted overlay routing.

%mE09RG1fO9kNpKpWaktZIHqzwtTOuJElF0IsY59yMpw=.sha256 xj9 · 3/15/2020, 6:20:27 PM

ad-hoc PKI or SSB-as-PKI

in other words subjective PKI for dynamic contextual trust

which is different than ID merging so no #sameas here

an agent is a trusted actor that maintains a coherent view of the local state by replicating control messages from other agents. depending on configuration, an agent may also facilitate replication by acting as a pub.

here ssb is used to replicate trust information and provide auditable secret management. additional encryption on top of private box may be applied as needed.

pub invites are used to establish network capabilities and broadcast network addresses. this information is used to bootstrap service discovery and the network overlay. peers may connect from behind NAT as long as there is one or more peers with a public address.

network policy needs some consensus mechanism for replicating a consistent and time travel-able view of the network configuration. CRDT or tangle can work.

delete messages need to be taken into account.

how do we establish write capabilities?

you can always write to keys under your own namespace. shared namespaces tangle? shared namespaces are replies to a common parent. a namespace is a message. a namespace is a label.

namespaces can be exported by any application. cryptocaps are only needed to establish network security and routing policy.

networks can be created as needed by generating a new network cap and bootstrapping gossip using the same invite mechanism. by default, networks do not share resources, but it may be possible to securely do so in some cases. if so, a verified secure sharing policy should be bundled with the system distribution. independent verification should be possible as well.

%lfhvQ9xnO+i7King7IGfon+2p9yYVyEC7h56S6IWQkc=.sha256 xj9 · 3/15/2020, 6:20:58 PM

a similar signalling system could be used to bootstrap RONJA and directed radio networks using encrypted LoRa transmissions.

%j7aA7reqIFsb9cI3CrQiwITSllifr5LTu7NADB/+Y2M=.sha256 xj9 · 3/15/2020, 10:40:48 PM

related work by some feddy folks

github
