Quote:
Originally posted by pod
I mean authoritative authentication. As in, user A logs in, and everyone agrees that it is, indeed, user A, and he has access to so and so, not just because he says he's user A, but because everyone can authoritatively verify this.
|
well, everyone who has A's public key will be able to verify A's identity.
in other words, if you have seen user A before, you can be pretty sure it's the same A next time you chat to him/her.
sure, you have a point that if one does not have A's public key, then it becomes impossible to tell which A is the one you are looking for. however, as the public key is sent to you "automagically" first time you see A, that becomes a non-issue in most cases.
also, you seem to be right that in p2p environment it is too bandwidth intensive to implement hotlists that automatically alert you when a buddy is online. however, that's the cool thing about p2p networks: lots of things seem to be impossible at first, but nevertheless become reality later.
- jaan