

DSNP: Distributed Social Networking Protocol, with implementation and test sites - thurston
http://www.complang.org/dsnp/

======
shib71
I have some questions. The big draw for sites like Facebook is not just the
core social network, it's also the tangental functionality that builds on that
core. And this protocol aims to be a secure P2P implementation of the core.

Does that mean "applications" are exclusive to users of an identity server?

How would 3rd party applications fit in?

Some networks are starting to offer embeddable forum- or comment-like
behaviour - can this protocol accomodate that?

Is it flexible enough to support other (yet to be invented) uses?

~~~
limmeau
At the core, there seems to be just a PKI for RSA keys in terms of "yes, X is
a friend of mine" attestations, not unlike the PGP web of trust.

So I'm optimistic that your distributed singing sessions (e.g.) could use the
DSNP infrastructure.

------
beza1e1
"The user must trust the server that is hosting their identity"

That's true with DSNP, but given current p2p technology it should be possible
to create a social networking application without data on servers. Where is my
Facebook-on-XMPP desktop application?

------
limmeau
I'm happy to see an approach to social networking that doesn't require
uploading personal data about millions of people into one database.

However, the cryptography in the source code (encrypt.cpp) seems to be hand-
made from RSA, SHA1 and RC4 primitives. While I haven't checked details like
how they choose their RC4 IVs, I wouldn't trust mortals to get a crypto
protocol with PKI right the first time.

------
johnnybgoode
Something like this will inevitably become popular at some point. No one
should really want any closed site to dominate.

~~~
rincewind
For Hackers maybe, but most people do not even see the benefits in using
Jabber over MSN or ICQ

------
Raphael
Finally someone steps up to bat for DiSo!

Although, I'm not seeing how this fits in with OpenID or OAuth.

~~~
kilps
I'm yet to look at it properly, but I'd call it a big mistake if this is not
built on top of OpenID - to me that is the natural extension of the concept.

Imagine signing into a site with your OpenID and actions being sent back to
your hosted DSNP profile Facebook Connect style.

~~~
thurston
I'd like for DNSP implementations (which allow users to lay claim to a URI) to
support OpenID in the sense that it is a provider of identities. It can't be a
consumer though, since an OpenID identity cannot (necessarily) talk DSNP.

------
wmf
This site has tarsnap disease: More talk about crypto than about what it
actually does. :-)

