Hi folks, just wanted to give a quick update on the progress here. I've started the process of making Santiago encrypt and sign service request messages. I'm not completely sure the process is right though, it seems like I'm requiring the system to do unnecessary work and that shortcuts I'm not seeing should be available.
If you're interested in giving some feedback on the design, look at simple_santiago.py's unpack_request method. The basic idea is that we want A and B to communicate privately through any number of intermediaries (proxies), who they don't necessarily trust, but who trust one another. 1. A encrypts its message to B. 2. To allow proxies to deliver the message, they need to know who the destination is, so A marks B as the message's destination and signs that message, so it can't be tampered with during transit. 3. Each proxy signs the message for transit to the next proxy, stripping off any previous signature, and rejecting any invalid or untrusted signatures. Please let me know if you can think of any ways to simplify this, or if I should go with another design, generally. If you want a "working" Santiago, check out the previous commits [1]. Things are kinda torn up right now and *will not work*. Nick 0: http://www.saltycrane.com/blog/2011/10/python-gnupg-gpg-example/ 1: https://github.com/NickDaly/Plinth/commit/a4c0d1619d02cfc4150863acb5f02803c88ff4c1
pgp48JXfTIaae.pgp
Description: PGP signature
_______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
