Meenakshi:

Hello! Sorry for the late reply:

> Step 1: Registration
> I understand the registration file from the web server contains the
> private key of the User1.
> Are these contents (private key of User1) in the registration file signed
> with the webserver's (getengaged) private key or some shared key or
> something else?

It's signed with the webserver's (GetEngaged.net's) private key.

> Step 3: Create Partnership
> What I understand is that after receiving the partnership file from the web
> server, User1 also has the Public Key information of User2 along with
> other data like IP addresses....through the contents of the Partnership
> file.
> Again, are the contents of the partnership file for User1 signed by the
> webserver's shared secret or its public key or something else?

The Partnership file's contents are, as I understand it:

> > This is what the web script is writing in the partnership file.
> > Contents of the partnership file are-
> >
> > Header: -
> > Signature + version i.e. "EchoFree Partnership File" + "1.00" +
> >
> > Information of first user: -
> > Partnership file name (First name of user1 + first name of user2 + .ecf) +
> > User First Name + User Last Name + Email Address + IP Address + length of
> > public key + public key +
> >
> > Information of second user: -
> > User First Name + User Last Name + Email Address + IP Address +
> > length of public key + public key +
> >
> > Signed message: -
> > Data length of signature + signature (dtSignedDataLen, Header,
> > UserData1, length of public key for user1, public key for user1,
> > UserData2, length of public key for user2, public key for user2)
> >
> > Note- to sign, the web script is using the CryptoControl object.
> > '+' sign shows the concatenation of strings.
> >
> > Thanks,
> > Arati

The signature is again based on the private key of the server.

> Are partnership files also exchanged when the connection is initiated
> from either end.......
>
> -Meenakshi

No, the files themselves are not exchanged during the authentication process.
I believe a hash of the user data is created, and that hash is encrypted with
one of two private keys associated with the VPN. That result is sent to the
other side, which creates the same hash, and decrypts what was received. If
the two match, then the authentication is successful. I *think* that's how it
works. Which is why a source code review and documentation of the process
would be very helpful.

cheers,
Scott

> On Mon, 09 Dec 2002 12:06:56 -0800, "Meenakshi Vohra"
> <[EMAIL PROTECTED]> said:
> > Hello Scott,
> > I would review the scenario you mentioned and what I understand is that I
> > will have to see if the model described by you is how a security model
> > works. I will also try to go through the earlier mails in this list to
> > know more about Kaboodle and Zebedee.
> >
> > Thanks,
> > Meenakshi
> >
> > On Sun, 8 Dec 2002 16:00:36 -0800 (PST), "meenakshi arora"
> > <[EMAIL PROTECTED]> said:
> > >
> > > --- "Scott C. Best" <[EMAIL PROTECTED]> wrote:
> > > > Date: Sat, 7 Dec 2002 21:52:57 +0000 (GMT)
> > > > From: "Scott C. Best" <[EMAIL PROTECTED]>
> > > > To: meenakshi arora <[EMAIL PROTECTED]>
> > > > CC: [EMAIL PROTECTED]
> > > > Subject: Kaboodle VPN overview
> > > >
> > > > Meenakshi:
> > > >
> > > > Hello! The biggest limitation of the current VPN feature
> > > > is the lack of peer review. :) That is, I believe it
> > > > works as follows:
> > > >
> > > > 1. User1 on LAN1 downloads Kaboodle and registers its VPN capabilities
> > > >    at www.GetEngaged.net. That is, they download a "registration
> > > >    file", essentially a signed secret-key.
> > > > 2. User2 on LAN2 does the respective thing for their network.
> > > > 3. User1 on LAN1 creates a Partnership file with User2 on the same
> > > >    site. Both users download and install the Partnership file,
> > > >    essentially a signed public key.
> > > > 4. User1 or User2 then initiates a connection. Kaboodle does a
> > > >    Gnutella search for the Partnership file associated with the
> > > >    connection. Once the file is found, it is authenticated on both
> > > >    sides using the secret-key information from #1.
> > > > 5. After authentication, a "control channel" is set up using TCP port
> > > >    4282. A 16-char random string is transferred across this channel.
> > > > 6. Using that string as a symmetric password, a Zebedee connection
> > > >    is initiated from one side to the other, using a user-defined
> > > >    TCP port (defaults to 11965, the Zebedee default).
> > > > 7. All data transactions now go across this "data channel".
> > > >
> > > > Version 0.99 (which you can get from the "alpha" directory
> > > > on ftp.Kaboodle.org) should do all of this. I know that using that
> > > > connection, I can do all of the above and then VNC across the secure
> > > > connection (I can see from tcp-dumping the LAN traffic that the
> > > > right ports are being used). I have just not *confirmed* that the
> > > > security model works exactly as I have specified above. One of the
> > > > coders may have, unknowingly, taken a shortcut in the interest of
> > > > functionality. Would you be able to review such a thing?
> > > >
> > > > thanks,
> > > > Scott
> > > >
> > > > PS: It'd be great if you could join the Kaboodle-devel email list.
> > > > I've CC'd it here in my reply.
> > > >
> > > > On Fri, 6 Dec 2002, meenakshi arora wrote:
> > > >
> > > > > Hello Scott,
> > > > > Could you please send me the list of current
> > > > > limitations of the VPN feature which I can start
> > > > > working on. Also, if you could send me other features'
> > > > > limitations too, I would like to review them.
> > > > >
> > > > > I would be needing your guidance to choose a direction
> > > > > to start.
> > > > > Thanks,
> > > > > Meenakshi
>
> --
> Meenakshi Vohra
> [EMAIL PROTECTED]

_______________________________________________
Kaboodle-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/kaboodle-devel
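The partnership file layout Arati describes, signed by the server and checked by each client, as an added example that is not Kaboodle's or GetEngaged.net's code: the field concatenation follows the quoted description, while the RSA key (a toy one, for illustration only), the 2-byte length prefix, the 20-byte signature encoding and the sample user records are constructed assumptions.

```python
import hashlib
import struct
from dataclasses import dataclass
# Toy server key pair (constructed assumption, demo only): two Mersenne primes, ~150-bit modulus.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # GetEngaged.net's private exponent; only the server holds it
HEADER = b"EchoFree Partnership File" + b"1.00"  # "Signature + version" from the description

@dataclass
class User:
    first: str; last: str; email: str; ip: str
    pubkey: bytes  # the user's VPN public key, as registered in step 1

    def user_data(self) -> bytes:
        # "User First Name + User Last Name + Email Address + IP Address" ('+' is concatenation)
        return (self.first + self.last + self.email + self.ip).encode()

    def key_field(self) -> bytes:
        # "length of public key + public key"; the 2-byte big-endian length is a constructed choice
        return struct.pack(">H", len(self.pubkey)) + self.pubkey

def signed_blob(u1: User, u2: User) -> bytes:
    # Exactly the data the web script signs: Header, UserData1, key1, UserData2, key2.
    # The partnership file name is written to the file but is not one of these fields.
    return HEADER + u1.user_data() + u1.key_field() + u2.user_data() + u2.key_field()

def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def server_sign(data: bytes) -> bytes:
    return pow(_digest(data), D, N).to_bytes(20, "big")  # s = h^d mod n (textbook RSA, toy key)

def server_verify(data: bytes, sig: bytes) -> bool:
    return pow(int.from_bytes(sig, "big"), E, N) == _digest(data)  # s^e mod n == h

def issue_partnership(u1: User, u2: User) -> dict:
    # Web script side: name the file, sign the blob, store "data length of signature + signature".
    sig = server_sign(signed_blob(u1, u2))
    return {"name": u1.first + u2.first + ".ecf", "users": (u1, u2), "sig_len": len(sig), "sig": sig}

def check_partnership(pf: dict) -> bool:
    # Client side after installing the file: rebuild the blob from the user records it now holds
    # and verify with the server's public key, which binds each peer's identity to its public key.
    u1, u2 = pf["users"]
    return len(pf["sig"]) == pf["sig_len"] and server_verify(signed_blob(u1, u2), pf["sig"])

# Constructed sample users; the key bytes are placeholders, not real keys.
USER1 = User("Meenakshi", "Vohra", "user1@example.net", "192.0.2.10", b"\x01" * 16)
USER2 = User("Scott", "Best", "user2@example.net", "198.51.100.7", b"\x02" * 16)
```

Any change to a name, e-mail address, IP address or public key of either user makes `check_partnership` fail, while the file name, which the description does not list among the signed fields, is not covered.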