#Bitmessage subscriptions free#
The primary use for BitMessage (as presented in the paper, anyway) seems to be the ability to sent messages that are from a cryptographically verified source, but that source is free to avoid identifying themselves in any real-world way. This would allow an individual or organization to anonymously publish content using an authenticated identity to everyone who wishes to listen. Even if throw-away email addresses are used, users must connect to an email server to send and retrieve messages, revealing their IP address.Īnd when talking about broadcast messages (emphasis mine): In fact, the lack of connection between an address and a real-world entity seems to be branded as a feature:
Maybe so, but if they did, that's not a problem that Bitmessage is designed to solve. then, you use the Bitmessage system to encrypt your message so it is readable only by Alice's private key.īut how did you know that BM‐2nTX1KchxgnmHvy9ntCN9r7sgKTraxczzyE is really Alice's address? Maybe someone printed out fake business cards, or hijacked Alice's website to change her address. When you have fetched the key, you quickly verify that its fingerprint matches the one in Alice's address. You make a P2P Bitmessage request to get the public key associated with BM‐2nTX1KchxgnmHvy9ntCN9r7sgKTraxczzyE. Alice advertises her Bitmessage address (e.g., on her business cards, on her public website, etc.) as BM‐2nTX1KchxgnmHvy9ntCN9r7sgKTraxczzyE.
#Bitmessage subscriptions how to#
Thus, there is nothing to verify: when you send a message to user with public key P, you don't need to verify that your recipient's public key is really P, because you have identified your recipient solely by his public key.Īs for how to tell if a public key belongs to a particular real-world entity: you can't, just as you can't easily verify that a particular email address belongs to a particular real-world entity.įor example, you want to send Alice a message. It appears that a user's public key (or, a hash of their public key) is their messaging address. an example address would be: BM‐2nTX1KchxgnmHvy9ntCN9r7sgKTraxczzyE. If the public key can be obtained by the underlying protocol, then it can easily be hashed to verify that it belongs to the intended recipient. We propose a system where users exchange a hash of a public key that also functions as the user’s address. Since only the actual recipient can successfully decrypt the messages intended for him, all network participants know that if they fail to decrypt the message then the message was not intended for them. Therefore, every network participant tries to decrypt every message passing through the network even if the message was not originally intended for that network participant. If this happens, depending on the content in the broadcasted message, the sender might want to take steps for plausible deniability.īroadcasted messages and the subscription entry itself are stored in the messages contain no explicit address of the recipient of the message. Now every broadcast ever sent and every broadcast sent in the future can be decrypted. Once a broadcast is decrypted, the sender address is known. This process gets harder with more active addresses being in the network but it is possible. To decrypt a broadcast without having the address requires a user to convert a public key to the address it is used for.Īfter this has been done, the derived key must be created from each generated address and decryption has to be tried. Since broadcasts are encrypted, a subscription is a must-have, because the public key of the sender is required to decrypt a broadcast.Ī Broadcast is encrypted with a key, that can be derived from the address it was sent from.
A subscription allows a user to receive broadcasts from a subscribed address.
0 kommentar(er)
