[Freedombox-discuss] Santiago Verifying Requests

Michael Rauch l15t at miranet.ch
Wed Apr 11 21:08:28 UTC 2012 

Nick M. Daly wrote:
> Hi folks, just wanted to give a quick update on the progress here.  I've
> started the process of making Santiago encrypt and sign service request
> messages.  I'm not completely sure the process is right though, it seems
> like I'm requiring the system to do unnecessary work and that shortcuts
> I'm not seeing should be available.
> 
> If you're interested in giving some feedback on the design, look at
> simple_santiago.py's unpack_request method.  The basic idea is that we
> want A and B to communicate privately through any number of
> intermediaries (proxies), who they don't necessarily trust, but who
> trust one another.
> 
> 1. A encrypts its message to B.
> 
> 2. To allow proxies to deliver the message, they need to know who the
>    destination is, so A marks B as the message's destination and signs
>    that message, so it can't be tampered with during transit.
> 
> 3. Each proxy signs the message for transit to the next proxy, stripping
>    off any previous signature, and rejecting any invalid or untrusted
>    signatures.
> 
> Please let me know if you can think of any ways to simplify this, or if
> I should go with another design, generally.

by encrypting and signing the message you get end-to-end confidentiality 
and integrity of payload+destination between A and B (step 1. and 2.).

what is the purpose of step 3? is the intent to only relay messages for 
friends (trusted entities) and if so, what is gained and lost with that 
approach?

-michael

> 
> If you want a "working" Santiago, check out the previous commits [1].
> Things are kinda torn up right now and *will not work*.
> 
> Nick
> 
> 0: http://www.saltycrane.com/blog/2011/10/python-gnupg-gpg-example/
> 
> 1: https://github.com/NickDaly/Plinth/commit/a4c0d1619d02cfc4150863acb5f02803c88ff4c1
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

More information about the Freedombox-discuss mailing list