Decentralized HTTP-based short message communication protocol (to replace SMS).
- Focus on Dark Social (SMS, Email, Whatsapp, Pair)
- Private one-to-one short text messaging like SMS.
- Messages limited to 256 characters. No new lines allowed.
- Users identified by URLs intead of mobile numbers.
- Not IM
- No presense
- But requires pairing before sending a msg
- makes the protocol less chatty because of the shared secret instead of verifying authenticity of individual msgs
- requiring manual approval helps with SPAM
- Support in-reply-to for better conversations.
- Security via HTTPS.
HEAD / HTTP/1.1
Host: bob.hostHTTP/1.1 200 OK
Link: <https://bob.host/otxt-endpoint>; rel="http://otxt.org/"
<html>
...
<link href="https://bobs.host/otxt-endpoint" rel="http://otxt.org/" />
...POST /otxt-endpoint HTTP/1.1
Host: bob.host
Content-Type: application/x-www-url-form-encoded
from=alice.host
to=bob.host
action=pair
secret=
id=tag:[email protected],2012-12-02:alice.host:pair:2
intro=<256_chars_introduction>HTTP/1.1 202 AcceptedBob could setup his otxt host to require manual or automatic approval.
HEAD / HTTP/1.1
Host: alice.hostHTTP/1.1 200 OK
Link: <https://alice.host/otxt-endpoint>; rel="http://otxt.org/"
<html>
...
<link href="https://alice.host/otxt-endpoint" rel="http://otxt.org/" />
...POST /otxt-endpoint HTTP/1.1
Host: alice.host
Content-Type: application/x-www-url-form-encoded
from=bob.host
to=alice.host
action=verify
id=tag:[email protected],2012-12-02:alice.host:pair:2
hash=<hash_of_from+id_using_alices_secret>HTTP/1.1 200 OKNow Bob and Alice can send each other messages using the shared secret that Alice orginally sent to Bob.
POST /otxt-endpoint HTTP/1.1
Host: bob.host
Content-Type: application/x-www-url-form-encoded
action=send
id=tag:[email protected],2012-12-02:alice.host:txt:2
from=alice.host
to=bob.host
txt=<256_chars_msg>
in_reply_to=tag:[email protected],2012-12-01:bob.host:txt:22
datetime=<datetime>
hash=<hash_of_..._using_shared_secret>HTTP/1.1 200 OK- Use microformats instead of link header/element?
- Almost always you will put it up on your page for "humans" so why not just use that!
<div id="me"><a href="https://example.com" rel="http://otxt.org/">https://example.com</a></div>
- Discovery over http is not secure. Should that be made over HTTPS as well?
- group messaging?
- This is currently not possible because you need to add a contact before you can talk to them and not everyone in the group (comma separated
toparam) would have added everyone. - One way to do this is to treat a group just like any other person.
- When a user creates a group, the group pairs with all members of the group.
- When someone sends a msg to the group, the group forwards the msg to the members.
- Alternatively, a new action
relaycan be introduced so that msgs from people that haven't paired can be sent via paired ones.
- This is currently not possible because you need to add a contact before you can talk to them and not everyone in the group (comma separated
- fetch profile? (maybe just use microformats to pick up public info and use this only for private info?)
- GET /otxt-endpoint?profile=(all|email|name|avatar)&of=<>&from=<>&hash=<>
- Allowed only after pairing since this will require the shared secret.
- Multi-Media (using additional params)
img=<image_url>vid=<video_url>aud=<audio_url>
- Links are first class citizens (Might have to skip this to enforce the 256 char limit?).
- compose:
This is how you [link](http://example.com) - display:
This is how you <a href="http://example.com">link</a> - characters counted:
This is how you link
- compose: