[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Freedombox-discuss] Santiago Verifying Requests



Sorry for the slow turnaround, I've been doing way too much work and
spending most of my spare time trying to figure out how GnuPG and
Python-GnuPG differentiate between "this signature is mathematically
self-authenticating" and "this signer is within my web of trust" - it's
unclear from the documentation how to tease apart those concepts.  I
still have some key signing and verifying tests I need to do though.
Guess it's time to generate lots of entropy by watching YouTube videos
of otters holding hands.

The following is a poor-etiquette multi-reply, apologies.

On Wed, 11 Apr 2012 23:08:28 +0200, Michael Rauch wrote:
> by encrypting and signing the message you get end-to-end confidentiality 
> and integrity of payload+destination between A and B (step 1. and 2.).
> 
> what is the purpose of step 3? is the intent to only relay messages for 
> friends (trusted entities) and if so, what is gained and lost with that 
> approach?

Nice job identifying the purpose behind each step.  I included step 3 so
that A's message to B could pass through any number of proxies who trust
neither A nor B (only the first and last proxies need to trust A and B,
respectively).  The idea is to relay only messages that come from
friends.  This keeps any private Web-of-Trust nodes private.

This allows me to publish my key and publicly sign other keys, but to
also trust (yet never publish) some trust-relationships. Perhaps that
particular trust relationship (pseudonymous or not) is sensitive
information.  Granted, these private trusts contribute nothing to the
WoT but they are a useful privacy-protecting feature nonetheless.


On Wed, Apr 11, 2012 at 2:11 PM, Charles N Wyble wrote:
> Nick M. Daly wrote:
>> If you want a "working" Santiago, check out the previous commits [1].
>> Things are kinda torn up right now and *will not work*.
>
> Branches? :)

As soon as this feature is complete, it'll be feature complete enough to
*have* a stable branch. ;)  It'll also get documentation and unit
testing.  And a list of new features to develop.


On Thu, 12 Apr 2012 09:16:32 -0700, Jack Wilborn wrote:
> I was just curious if we are using the en/de encryption that the CPU has
> internally or are we using software to do this?  Just curious, hope we are
> using the supplied hardware to handle this within the CPU.

I don't think I understand your question.  I ask the Python-software to
perform the calculation, which it performs with the CPU (through pure
magic, as far as I know).  Are you asking "do we farm these calculations
out to a math-coprocessor?"  That's dependent on CPU architecture (IIRC?).
Don't know if DreamPlug has one, but your standard x86 system will.

Thanks for your time,
Nick
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20120412/33c1cd1e/attachment.pgp>


Reply to: