Hacker News new | ask | show | jobs
by fenwick67 2821 days ago
The real meat of the protocol is explained here:

https://ssbc.github.io/scuttlebutt-protocol-guide/

> I assume any recipient can prove to a third party that someone said something

All public messages are signed with the author's key, so any third-party can verify it.

Private messages are different, though. You need one of the recipient / sender's keys to decrypt that, and so for a third-party to verify it they would need one of those private keys.
1 comments
ChristianBundy 2821 days ago
This was true until about 14 hours ago. :)

https://github.com/ssbc/secure-scuttlebutt/pull/220

You can now generate an unbox key for a private message send it to a non-recipient for them to be able to access the message, which is really cool. No private key sharing necessary!

link
e12e 2821 days ago
That is cool. But the point stands that public (to all) and private (to designated recipients) messages are "on the record" and can forever be proven to be made by someone that held your private key at the time?

So if I say: "let's fight racism!" and you later decide to collaborate with a (now) racist government - you could prove (not merely allege) that I should go to the gulag?

link
ahdinosaur 2821 days ago
hi e12e,

yes, on-chain messages are designed to be "on the record" (https://viewer.scuttlebot.io/%25G7BjZsZr02TPAoIeD%2Bw3WgiAbi...), where the game theory is of an infinitely-repeated game (https://en.wikipedia.org/wiki/Repeated_game#Infinitely_repea...) where participants have verifiable knowledge of past game activity, which is useful for trust-based coordination.

our plan is to eventually add a side protocol for off-chain ("off the record") messages which re-use the same cryptographic identities, for all your other conversations. :)

link
dmos62 2820 days ago
I too find it a bit discouraging that my data would leak away to the whole network eventually. I'd like to have "an island" (I believe this metaphor was used in some docs) to myself and those close to me. Or maybe I haven't yet grasped how SSB works.
link
ahdinosaur 2820 days ago
hi dmos62, Scuttlebutt is designed to allow users to create social communities with trust-based boundaries, but there's just a lot of work to do to bring our implementation up to match our intentions. for example here's a recent step in that direction: https://github.com/ssbc/ssb-incoming-guard.
link