2. What is Finger?
● RFC 742 (December 1977)
● human-oriented status and user information
● <<finger user@server.org>>
Login Name: johba
In real Life: Johann Barbie
Shell: /bin/bash
No unread mail
3. What is WebFinger?
Personal Web Discovery on Email (RFC 7033):
1. Start with an email address: pithy.example@gmail.com
2. Translate it into a URL:
https://gmail.com/.well-known/webfinger?resource=acct:pithy.example@gmail.com
3. Fetch that URL and get back JSON:
{"subject": "acct:pithy.example@gmail.com",
"links":[{
"rel": "avatar",
"type": "image/jpeg",
"href": "http://www.example.com/~myname/profile.jpg"}
]}
4. Problem: domain name participation
4. What is WebFist?
● fallback when providers don't support WebFinger
● makes use of DKIM signatures
● send email to webfist server:
webfist = http://example.com/path/to/your-profile
●
restult: { "subject": "pithy.example@gmail.com",
"links": [{
"rel": "http://webfist.org/spec/rel",
"href": "http://example.com/my-delegation-here.json",
"properties": {
"http://webfist.org/spec/proof":
"http://webfist.org/webfist/proof/08e01fb3123de74555528daaeb2d33b513f50f88c255b91b02617c067df89a3809f0e17197b52413?decrypt=pithy.example%40gmail.com"
}}]}
5. What is Webfist?
●
●
Start with an email address: pithy.example@gmail.com
Translate it into a URL: http://gmail.com/.well-known/webfinger?
resource=acct:pithy.example@gmail.com
● Fetch that URL and receive a bad response
● Formulate a WebFist URL: http://webfist.org/.well-known/webfinger?
resource=acct:pithy.example@gmail.com
● Fetch the WebFist URL and get back JSON
● Follow the delegation path and fetch the real service
document
6. What is Fist Bump?
● Receive a verification email, verify its DKIM signature
● Use the email address to very slowly generate an AES
encryption key with scrypt; the email address is the
password
● AES128 encrypt the email using the generated key
● Save the email to storage, identified by "[scrypt(password)][hash(encrypted-email)]"
● Publish the list of recently encrypted blobs
● Find and share encrypted blobs with peer servers
7. Using Fist Bump
{ "subject": "acct:makingabetter@gmail.com",
"links":[{
"rel": "bitcoin",
"href": "bitcoin:19xeDDxhahx4f32WtBbPwFMWBq28rrYVoh"
}]
● enable CORS headers
● saved at: https://bitfinger.org.s3.amazonaws.com/songelee.json
● send email with content:
webfist = https://bitfinger.org.s3.amazonaws.com/songelee.json