Browse: Home / Uncategorized / Now What?

Now What?

By Chris Acheson on March 29, 2009

Here’s what I’ve got planned for AEIOU now:

OpenPGP Integration

An issuer in the AEIOU system is currently identified by their username and the domain name of their server.  This is less than ideal.  If a server has multiple domain names (perhaps it runs as both a Tor hidden service and an I2P eepsite simultaneously), users won’t automatically know that a given username is equivalent across domains.  Worse, if someone hijacks or otherwise acquires a server’s domain name, they’ll be able to impersonate all of the issuers on that server.

This can be solved by making issuer identities global, and tying them to OpenPGP keys.  Doing so has a number of advantages:

  • Each PGP key is unique.  The chance of the same key being generated twice is infinitesimally small.
  • Issuers can sign their IOU definitions (and possibly their IOU tickets as well, though this isn’t compatible with automatic splitting/merging), allowing others to verify their authenticity.
  • AEIOU can piggyback on PGP’s existing web of trust.  Issuers can have their identities verified by other PGP users, so that potential IOU bearers don’t have to do so directly.
  • PGP keys can be used for authentication instead of passwords.

Separate Issuing of Electronic and Paper IOUs

When I added the paper IOU feature, I debated about whether to build it into a separate module from the main electronic IOU issuing application.  I decided not to, in order to avoid having to synchronize issuer accounts across modules.  With global issuer identities tied to PGP keys, this is no longer an issue.  Issuers will easily be able to select entirely different servers for handling of their electronic and paper IOUs, if desired.

Name Changes

Over time, the terms I’ve used have gotten kind of haphazard, simply because of the way that new features were iteratively added and named.  I’d been planning to go through all the code and update the terms used to something more meaningful.  From the old task list:

  • Change terminology:
    • “IOU definition” becomes “IOU type”
    • “IOU ticket” becomes “electronic IOU”
    • “paper IOU ticket” becomes “paper IOU”
    • “ticket stub” becomes “claim ticket” or “transfer ticket” or “transfer certificate” or…
    • “verification code” becomes “authenticity code”
  • Change name of IOU-issuing application to “AEIOU Mint”, in order to differentiate it from other components that will be made later.

I might not go with these exact terms, but you get the idea.

Rewrite

Integrating OpenPGP into AEIOU is a major enough change to justify rewriting the entire program.  Doing so is probably a good idea anyway, as I don’t want to work with raw PHP anymore.  I’m currently leaning towards Python, as it would allow me to use the same language (and reuse some code) when writing desktop client applications for AEIOU.  Regardless of what language I go with, I’ll be using some kind of web application framework with it this time around.

Chaumian Blinding

Some digital bearer certificate systems use Chaumian blinding to protect the privacy of certificate bearers even when they’re not using an anonymity layer to perform transfers.  I don’t fully understand how this works yet, but hopefully by studying the Lucrative/Lucre source code I can figure out how to implement it in AEIOU.

Posted in Uncategorized

Leave a Reply

«