Dear Victor,

On Wed, Sep 23, 2009 at 11:33 PM, Victor Duchovni <victor.ducho...@morganstanley.com> wrote:

> On Wed, Sep 23, 2009 at 10:43:11PM +0200, Michael Prinzinger wrote:
>
> "Certificates" are useless without corresponding signed messages. What
> messages are signed by the private key of the "previous" node, that the
> current node can forward to the next?

I only want to verify that the previous node is the node it is supposed to be. After decrypting the setup package I have the certificate (and IP) of the correct previous node.

> This makes no sense. What message associated with the previous node do
> you need to authenticate? Note, the SSL handshake involves the current
> client signing the SSL handshake, and the certificate binds the client's
> identity to that signature.

Thanks for explaining. The previous node is supposed to sign the handshake, so the current node can verify the previous node is indeed the node it should be. Since I can only do that after the initial handshake, I have to redo the handshake. Is there an easy way to redo the handshake?

> Why do you need client identity in an anonymity protocol? What is the
> security role of the "previous" node certificate.

All routing nodes are chosen by the node that wants to stay anonymous. The whole process is completely decentralized. So there need to be a lot of security mechanisms to make sure the packages really traverse the path the anonymized node has chosen. This includes a verification of the two nodes such a routing node is connected to. And this verification means: verifying the IP of the previous node and its certificate (i.e. verifying that the previous node has the correct private key, fitting the certificate the current node is holding) (i.e. the previous node needs to sign something with its private key (the handshake) so the current node can verify it).

> You are very confused about the requirements. Forget APIs, and programming
> approaches for now, arrive at a sensible protocol description. What is the
> multi-hop protocol and how/why do you plan to secure it with asymmetric
> cryptography?

I am only implementing the design. The design of the protocol is already very well developed. You will find a link to the white paper on the Wikipedia page:

http://en.wikipedia.org/wiki/Phantom_Anonymity_Protocol

So yes, it really makes sense this way :) (it's unorthodox concerning OpenSSL, but still very secure)

So I think all I need to do is find a way to redo the handshake after the connection was already established. Only this time the client should sign the handshake, and the server should verify it.

Could you provide me some help on how to do this?

Thank You
Michael

> --
> Viktor.