OK #radical idea. No signatures, no certificates. Deniable authentication between peers, and nothing else, but with relaying. If Alice sends you Bob's feed, you just blindly trust that it's Bob's feed, allowing Alice to MITM you and Bob whenever she wants. Crazy, right? Well, if you're also peering with Bob, then you can tell if Alice is lying...
Let's say you peer with Alice and Bob, and Alice sends you Claire's feed. You just blindly trust that it's Claire's feed, but then Bob also sends you Claire's feed. If Bob and Alice send you different feeds for Claire, but they also send you their own feeds, you can tell if Bob is lying about Alice's feed. If he isn't, then that's 2:0 odds he's telling the truth about Claire, with only 1:1 odds for Alice, since you can verify she lies once, tells the truth once (her own feed).
Short of an outright Sybil attack, which can be defeated by steganography or having just one single peer outside the adversary's control, you can estimate whose version of someone's feed is the legit version by looking at the odds that your known peers are telling the truth. That means you can basically get someone's feed without ever connecting to them, or verifying their identity at all. You can build trust with them, without any signatures or even authentication.
@cy Both Alice and Bob might get Claire's feed from Dave, and only Dave, who messes with it.
Signatures make it easier to mitigate against more difficult to control scenarios.
However, *authentication* can be mostly skipped either way. You can trust Claire's signature whether or not you verify that the private key is in possession of any particular individual.
@cy Especially when bootstrapping a node, chances are *very* high you peer with only one party, or a very limited subset.
Also, here both Alice and Bob peer with Dave and each other. It's not what I'm describing. I'm describing another kind of bootstrapping where some content / feed is only available from a single source (in reach).
That is going to be a typical case for anything long tail.
@jens Bootstrapping is a problem in any network, with or without signatures. If the only person you can trust is Dave, then you have to trust him with everything you can't do yourself.
With content, it sorta doesn't matter who the source was, if the content is good. You want the source to be less known actually, because that's who they go after first!
@cy Hard disagree on the conclusions, but I suspect I'm mostly writing this for the record.
Bootstrapping is an issue in every network, which is why it's a likely attack point. That's exactly why putting effort here is necessary, and it shouldn't be dismissed.
Content being good is true, but also a red herring in the age of fake news. A compromised source can wreak havoc.
Signatures do not protect against compromised keys, but against inserting damaging content into a legit stream.
@jens A compromised source can wreak havoc, only if you believe that it isn't compromised. This network allows for a range of trust, when you don't even trust someone enough to authenticate with them, but can still communicate, probably.
Once you trust someone enough that you believe that they won't be compromised, then you'll exchange keys and can directly peer with each other.
A private instance for the Finkhäuser family.