Dear OpenSSL developers,
I've been developing a private peer-to-peer application based on OpenSSL
(Thank you, to all the developers who have put time into OpenSSL)
Initially I used X509 certificates for the authentication between
peers. However, I quickly realised that a hierarchical certificate
structure was not ideal, and that a Web of Trust system
would be required.
So I've implemented a web-of-trust style authentication system
inside OpenSSL. It is basically a combination of OpenPGP style
certificates and SSL3/TLS1 connections.
After 6+ months of work, I've finished the first working prototype,
and would like to share it with the OpenSSL developers of the
world (and contribute back). Hence this email!
So:
(1) Is OpenSSL interested in including this work into the
code base (provided it's up to scratch etc...)?
(2) If so, is there anyone who could [guide/help] me to clean it up
and correctly merge the code?
(3) What are the procedures for doing so? (I'm new around here)
I haven't put the code on the website yet (soon... there is never
enough time to get everything done), but you can see it at work
in my application: RetroShare, available at http://www.lunamutt.com.
Looking forward to any comments.
Thanks.
Mark.
-----------------------------------------------------------------------------------------------
More information about the implementation follows.
The work was done on openssl-0.9.7g, and consisted of the following
modifications:
(a) define an ASN1 web-of-trust certificate (an XPGP Certificate) +
implement helper functions.
(b) create an XPGP_method() derived from the ssl3 methods.
This effectively uses the XPGP certificate instead of the X509
certificate. (all the rest is the same)
(c) create a web-of-trust authentication system.
Most of the implementation fits in nicely with the rest of OpenSSL.
The most significant issues are:
(1) the SSL part of OpenSSL does not allow alternative certificate types; I
therefore transformed "CERT" into a union. (I'm all ears for
alternatives)
(2) The Authentication System is currently rather crude and inefficient,
and is not connected to the STOREs in any way. (probably needs a redesign)
(3) the Certificate Definition needs to be checked. (would like to make
it compatible with GPG/OpenPGP etc.)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]