Cryptographic user profiles could be used to exchange keys, sign, and encrypt data in-band across many dats or apps. Every user has an id, encryption public/private keys, and signing public/private keys.
There are a couple of ways I've been thinking about implementing this:
- Every user listens to a discovery-swarm with their user id
- Other users can join the swarm and send messages to that user, encrypted to that user's pubkey
- We can use Signal's double ratchet algorithm here for user-user messaging over the swarm
- The user data (keys and contacts) are all saved in a hyperdb and can be replicated across many devices
- Any of the user's devices can handle incoming requests -- can do a little load balancing here
Advantages: would be pretty robust, could build lots of different apps on top of it; not tied to dat, could be useful for other people (ssb?)
Disadvantages: the user needs to be joined to the discovery-swarm on at least one device as often as possible; the system would be a little complex

- A user's id is a dat key/address. That dat holds their public keys, identity cert, and profile data. This is public.
- Dats themselves have user/group read/write permissions by encrypting the contents of the dat using user and group keys, and adding metadata to the dat.
- Dats can also indicate which files have been signed by whom, and what the signer's id is (i.e. where to download their keys)
Advantages: simple setup; can seed data you don't have access to; can seed dats on untrusted providers like AWS
Disadvantages: can't push messages to other users without them running a discovery-swarm, TCP/uTP server, etc.
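
One way the per-user read permissions in the second approach could work, as an added sketch that is not code from dat or from this proposal: each file is encrypted once with a random content key, and that key is wrapped to every permitted reader's public key in the dat's metadata. The choice of X25519, HKDF-SHA256 and AES-256-GCM, the metadata field names, and the `dat-acl:` label are all assumptions.

```javascript
const nodeCrypto = require('node:crypto');

// AES-256-GCM; the sealed layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext, aad) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function open(key, box, aad) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, box.subarray(0, 12));
  d.setAAD(aad);
  d.setAuthTag(box.subarray(12, 28));
  return Buffer.concat([d.update(box.subarray(28)), d.final()]); // throws on wrong key or tampering
}

// Key-wrapping key from an X25519 shared secret, bound to the reader's id (hypothetical label).
function wrappingKey(privateKey, publicKey, readerId) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), `dat-acl:${readerId}`, 32));
}

// Encrypt a file once, then wrap the content key for each permitted reader.
// `readers` maps a user id to that user's X25519 public KeyObject.
function encryptForReaders(path, plaintext, readers) {
  const aad = Buffer.from(path); // binds ciphertext and wrapped keys to this file path
  const contentKey = nodeCrypto.randomBytes(32);
  const eph = nodeCrypto.generateKeyPairSync('x25519'); // fresh sender key per file
  const wrapped = {};
  for (const [id, pub] of Object.entries(readers)) {
    wrapped[id] = seal(wrappingKey(eph.privateKey, pub, id), contentKey, aad).toString('base64');
  }
  const ephemeralPublicKey = eph.publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  // `metadata` is what would be stored publicly in the dat next to the ciphertext.
  return { metadata: { path, ephemeralPublicKey, wrapped }, ciphertext: seal(contentKey, plaintext, aad) };
}

// A reader unwraps the content key with their private key, then decrypts the file.
function decryptAsReader(id, privateKey, { metadata, ciphertext }) {
  if (!Object.hasOwn(metadata.wrapped, id)) throw new Error(`no read access for ${id}`);
  const ephPub = nodeCrypto.createPublicKey({
    key: Buffer.from(metadata.ephemeralPublicKey, 'base64'), format: 'der', type: 'spki',
  });
  const aad = Buffer.from(metadata.path);
  const contentKey = open(wrappingKey(privateKey, ephPub, id), Buffer.from(metadata.wrapped[id], 'base64'), aad);
  return open(contentKey, ciphertext, aad);
}
```

Anyone seeding the dat sees only ciphertext and wrapped keys, which is what makes hosting on an untrusted provider workable. Removing a reader means re-encrypting the file under a new content key, since that reader may have kept the old one.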