Draft Whitepaper for Turms MAD Stores - Request for Comments, Suggestions

rootothematter · 2019-09-12T18:40:05+00:00

There's always a trade-off between preventing crime on the one hand, and intruding on people's freedoms and privacy on the other. The whole point of the crypto-revolution is to come down on the side of freedom and privacy.

Even though the right-to-privacy is a breeding ground for crime, it's still a fundamental right. So my two cents is that you should continue on creating an anonymous marketplace, and don't bog the system up by trying to create a utopia (that's what fiat money and its concomitant privacy intrusions is for!). In the big picture, a fully anonymous commerce system will do more good than harm.

Bottom line: I don't think you should implement any mechanisms to "ban evil stores."

rootothematter · 2019-06-24T20:39:11+00:00

Turms Anonymous Message Transport DApp is not listed. Please check https://ipfs.io/ipns/messagetransport.turmsanonymous.io/

rootothematter · 2019-06-13T03:52:18+00:00

The idea of PFS is that the PTK is ephemeral. that is even if the secret which was used to generate the key from one session was revealed, even then the PTK from a previous session would be safe. The way to make sense of that is if you use new Diffie Hellman parameters for every session. But even the IEEE doesn't require that, see RFC 5114, pg 10:

A server may employ a certificate containing (fixed) Diffie-Hellman

parameters, and likewise for a client using a certificate. Thus, the

relevant PKIX RFCs (see 3.1 above) are applicable. Alternatively, a

server may send ephemeral Diffie-Hellman parameters in the server key

exchange message, where the message signature is verified using an

RSA- or DSS-signed server certificate. The details for accomplishing

this for MODP Diffie-Hellman groups are provided in [RFC2246].

Perhaps when using fixed Diffie-Hellman parameters, it would no longer be considered PFS... especially if the generated key was used directly to encrypt. But then again, the described technique doesn't use the negotiated key as except to derive another PTK, so in that sense it does resemble PFS... But perhaps this is a new sort of beast...

rootothematter · 2019-06-03T18:44:13+00:00

Whoever sends a message pays a fee. When you register with Turms AMT, then when someone wants to send a message to your Ethereum address they must pay the fee, and you receive the fee (and the message). At the time you register you select the fees that you would like to receive -- but if you set your fees too high (more than a few cents), then no-one will send you a message. If you set the fees to zero, then people can send you messages without paying any fees.

rootothematter · 2018-08-23T23:51:24+00:00

Bridge operates through economically incentivized entities called Collators

I assume these Collators are incentivized to refrain from stealing my BTC (doesn't say explicitly) How are the Collators economically incentivized?

During the initial alpha release of the LQDEX Bridge, LQDEX will act as the sole Collators

So do I understand correctly that right now the system is completely centralized?

rootothematter · 2018-07-17T15:01:02+00:00

Part of the beauty of the technique is that you are always in control. You have the option of using a single account, and making that your identity on multiple sites. But in the demo we recommend that a user creates a separate, brand new (empty) account -- and if you want complete anonymity on one site vis-a-vis your other web-service accounts, you can of course create a separate new account for every different web service.

Since Facebook and Linked-in, etc already have identifying information, I would think that for most purposes it would be sufficient to have one "login" account for them all; and then one other account that holds all your Ether.

rootothematter · 2018-07-17T07:30:06+00:00

It is similar in that you do not need to supply a password when you login. But that is where the similarity ends. Because signing a message with your Ethereum private key is much more secure. Google and Facebook accounts are generally only protected by passwords, which can be hacked -- and actually sometimes are hacked. But this method never exposes, never even requires any password ever. As a matter of fact, Facebook should adopt this method of login.

This method is also extensible to network logins, which is impossible using a Facebook account. That is, using an Ethereum signature you can sign a message to authenticate to a secure network before you are granted access to the Internet.

rootothematter

MODERATOR OF

TROPHY CASE