Hi Nick-- I'm glad to see this coming together! You're grappling with the right issues, i think.
On 04/10/2012 10:20 PM, Nick M. Daly wrote: > 1. A encrypts its message to B. > > 2. To allow proxies to deliver the message, they need to know who the > destination is, so A marks B as the message's destination and signs > that message, so it can't be tampered with during transit. these two stages together look like what is known in the S/MIME world as "triple-wrapping": https://tools.ietf.org/html/rfc2634#section-1.1 Using a published standard often makes things easier to implement (and easier to audit). I don't know of anyone who has defined the concept of triple-wrapping for PGP/MIME [0], but the two encapsulation mechanisms have a lot of similarities. You could also use S/MIME message encapsulation with key material from OpenPGP as long as the algorithms involved have clear mappings to one another. If for some reason you don't choose to use a standard way to do this (yikes!), you should probably at least make sure that you understand the nuances of the standard ways to do it, and have a clear argument for why you're diverging from them. > 3. Each proxy signs the message for transit to the next proxy, stripping > off any previous signature, and rejecting any invalid or untrusted > signatures. I'm also not convinced by this step. What do the per-message signatures give you? If there are secure (encrypted and mutually-authenticated) transport links between the proxies, what do you gain from passing a static signature on the message content between them as well? It's entirely possible that i'm not understanding your proposed architecture, though, since i'm afraid i haven't read the specs for santiago with any significant detail (sorry!). Please correct me if i'm making any mistaken assumptions. Thanks for working on this. I hope the messages above are helpful and not discouraging. Regards, --dkg [0] PGP/MIME: https://tools.ietf.org/html/rfc3156
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
