friendica.mafiaspiel.org
@Mike I programmed a addon that provides a Facebook-like chat using Jappix Mini. To make sure I did it right, I have some short questions concerning DFRN. When two users get friends, a key pair is generated (pubkey and prvkey). Are the following statements true?

- The pubkey is not actually public. Only one user knows it (and his friend could reconstruct it from prvkey).
- The DFRN protocol relies on this - if the pubkey would get published on the internet, this would be very bad.
@mike
This is one reason why DFRN needs to be phased out.

But yes to both statements. Each relationship gets a keypair, and these should not be exposed. However, if a key leaks it only compromises the one relationship attached to that key.

But in order to simplify relationships, we provide a "duplex" relationship where only one keypair is necessary to communicate.

In traditional (non-duplex) DFRN, each side of the relationship gets a symmetric key for their side of the conversation. That is, I would have a public key for one side of the conversation and the other person will have the private. He/she will have a complementary set of keys for his/her side of the conversation.

Also, along with the key is an id string which would also be necessary to compromise a relationship. However the ID string is sent in cleartext.