The Paper Napkin Problem

But I see it like this: Facebook picture = nickname; Facebook name = petname; Facebook link (in address bar) = key

Picture and facebook name are both nicknames in Facebook, there are no petnames. Petnames are private user-defined names for other entities.

2 Likes

Nope.

How about this:

Facebook link = Key (you are correct here)

Keys lie at the heart of the security properties of the petname system. Nicknames and petnames exist to make it easy for human beings to manipulate keys. The security of the system can be no stronger than the unforgeability of the keys. Self-authenticating public/private key pairs make excellent keys since they have strong unforgeability properties. But there are other ways of achieving unforgeability. A trusted path can also work well as the key: the full pathname to a file on a specific computer is also unforgeable (or at least, as unforgeable as the designation of the specific computer, which can be quite strong in some cases). It does not make any difference in a petname system whether a key can be mimicked: keys are handled only by the computer, the human being handles the keys only indirectly via petnames. For a particular person, for a particular application, there is a one-to-one mapping between a key and a petname.

Facebook name = Nickname

Nicknames can be used to assist in discovery of keys, and for help in selecting a petname. Nicknames are chosen by the owners of keys in hopes of creating a distinctive, if not unique, mapping from the memorable nickname to the key. Such nicknames often are promulgated throughout the world in the hopes of making the nickname stick in the mind as a reference to the key. Since there are strong incentives to “take ownership” of a nickname, even though true ownership is not possible, nicknames are the most often misunderstood part of a petname system.

In the simple case, a nickname has a one-to-many mapping to keys. The name John Smith is obviously a nickname: there are many John Smiths. Other nicknames produce the illusion of being globally unique: the name Marc Stiegler appears to be globally unique at the time of this writing. But there is no security property in this accident of global uniqueness. The uniqueness of the name Marc Stiegler would change quite quickly if, through the mysterious forces of human whimsy, the name suddenly became desirable. Sometimes the desirability of a nickname is not whimsical, but venal. It is already desirable for some applications to call themselves Quicken, for example, and draw windows that request a Quicken password.

Facebook does not have a Petname. You can’t arbitrarily assign a name to a person, and have that as a private reference for yourself.

Petnames are our private bidirectional references to keys. There are many Mark Millers, but there is one specific Mark Miller that the name means to me, the Mark Miller who works with object-capabilities for secure cooperation. “Mark Miller” is Mark Miller’s nickname; it also happens to be my petname for the same individual. My private pet name for my wife is not recognizably similar to the public nickname used by my wife. In the computer setting, for a specific person with a specific application, petnames are unique, each petname refers to exactly one key, and each key is represented by exactly one petname. In all places in the application where the app wants to designate the key, the petname is displayed – which is to say, a true petname is a bidirectional one-to-one mapping to a key. All references to the key by the user interface are represented by petname. A key cannot have two petnames; if a single key had two petnames, under what circumstances would the user interface use petname1 as the representation of the key, and under what circumstances would it bring up petname2?

Further reading on Petnames (which are inherently private):

Physical World Petnames

Humans have been using parts of petname systems since before the invention of the written word. Human faces were used as keys. These keys resisted forgery far better than most things that pass for security today on computers (except in episodes of Mission Impossible, and the occasional Shakespearian comedy like 12th Night). The referral, “Joe, this is my son Billy, he’s great with a club,” transferred both a key/alleged-name pair and a first-order purposeful trust recommendation. The recipient of this referral typically accepts the alleged name as a petname, though in some cases the recipient may instead choose other petnames, such as, “Bob’s big dumb dufus of a son”, which is a strictly private petname.

EDIT: Ninja’d by @Seneca! (EDIT2: Again???)

2 Likes
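The key / nickname / petname distinction discussed in the posts above, as an added example that is not part of the original thread or the quoted paper: a minimal per-user petname table that enforces the one-to-one key-to-petname rule and never lets a nickname alone select a key. The class name, method names and key strings are assumptions made for illustration.

```python
class PetnameStore:
    """One user's private, bidirectional one-to-one map between keys and petnames."""

    def __init__(self):
        self._by_key = {}      # key -> petname
        self._by_petname = {}  # petname -> key

    def assign(self, key, petname):
        """Bind petname to key, refusing anything that breaks the one-to-one rule."""
        owner = self._by_petname.get(petname)
        if owner is not None and owner != key:
            raise ValueError(f"petname {petname!r} already designates another key")
        old = self._by_key.pop(key, None)  # a key has exactly one petname: rename
        if old is not None:
            del self._by_petname[old]
        self._by_key[key] = petname
        self._by_petname[petname] = key

    def key_for(self, petname):
        return self._by_petname.get(petname)

    def display(self, key, nickname):
        """UI label for a key: its petname, else the nickname flagged as unverified."""
        petname = self._by_key.get(key)
        if petname is not None:
            return petname
        return f"[unverified nickname] {nickname}"


def demo():
    # Constructed sample data: keys are placeholder strings, not real identifiers.
    store = PetnameStore()
    store.assign("key-AAAA", "Mark Miller")  # user accepts the nickname as petname
    results = {
        "known": store.display("key-AAAA", "Mark Miller"),
        # A different key claiming the same nickname never inherits the petname.
        "mimic": store.display("key-BBBB", "Mark Miller"),
    }
    try:
        store.assign("key-BBBB", "Mark Miller")  # would make the petname ambiguous
        results["collision"] = "accepted"
    except ValueError:
        results["collision"] = "rejected"
    store.assign("key-AAAA", "Mark (ocap)")  # rename: the old petname is freed
    results["renamed"] = store.display("key-AAAA", "Mark Miller")
    results["old_petname"] = store.key_for("Mark Miller")
    return results
```

Calling `demo()` returns the labels a user interface would show for the known key, the mimic, the rejected collision and the renamed entry.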

Ninja’d you right there! :smiley:

Edit: Woot, I ninja’d your edit!

1 Like

Thank you for the clarifications, guys.

2 Likes

@dirvine,

I don’t believe this to be a network component, being that with the Petname System, the network acts on the raw addresses and transposes them however necessary in the user interface. The network itself will not even be aware of this functionality, so technically, this may be classified under RFC - Decentralised Naming System V - No DNS. However, if/when there are design plans for the browser (from the core devs or as an app developed separately - and I do believe there should be more than one developed) this function will be as integral a part as the url bar is in any current ones for the existing internet.

But no reason not to have an RFC. RFCs are for more than the core development.

An RFC would mean that people have something to discuss, find security flaws, if any, and eventually use as a basis for developing apps that can follow the same rules, making it suitable for widespread usage.

Reading the RFCs page on GitHub, while it may not be a part of the network, it might (I would argue should) be important enough to create (or append to) a core library. This will allow developers to have a standardized API with which to interact. Good catch @neo.

EDIT: Writing up an RFC tonight, refining it tomorrow. Between that, fixing my SMTP server and snagging some MaidSafeCoin, I’m expecting to post the RFC by the end of the work week at the very latest.

2 Likes

If you share a Google Docs link or something like that, I’ll help out.