Nick M. Daly wrote:
Hi folks, just wanted to give a quick update on the progress here. I've
started the process of making Santiago encrypt and sign service request
messages. I'm not completely sure the process is right though, it seems
like I'm requiring the system to do unnecessary work and that shortcuts
I'm not seeing should be available.
If you're interested in giving some feedback on the design, look at
simple_santiago.py's unpack_request method. The basic idea is that we
want A and B to communicate privately through any number of
intermediaries (proxies), who they don't necessarily trust, but who
trust one another.
1. A encrypts its message to B.
2. To allow proxies to deliver the message, they need to know who the
destination is, so A marks B as the message's destination and signs
that message, so it can't be tampered with during transit.
3. Each proxy signs the message for transit to the next proxy, stripping
off any previous signature, and rejecting any invalid or untrusted
signatures.
Please let me know if you can think of any ways to simplify this, or if
I should go with another design, generally.
by encrypting and signing the message you get end-to-end confidentiality
and integrity of payload+destination between A and B (step 1. and 2.).
what is the purpose of step 3? is the intent to only relay messages for
friends (trusted entities) and if so, what is gained and lost with that
approach?
-michael
If you want a "working" Santiago, check out the previous commits [1].
Things are kinda torn up right now and *will not work*.
Nick
0: http://www.saltycrane.com/blog/2011/10/python-gnupg-gpg-example/
1:
https://github.com/NickDaly/Plinth/commit/a4c0d1619d02cfc4150863acb5f02803c88ff4c1
------------------------------------------------------------------------
_______________________________________________
Freedombox-discuss mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
_______________________________________________
Freedombox-discuss mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
