[Freedombox-discuss] Santiago Verifying Requests
I'm glad to see this coming together! You're grappling with the right
issues, i think.
On 04/10/2012 10:20 PM, Nick M. Daly wrote:
> 1. A encrypts its message to B.
> 2. To allow proxies to deliver the message, they need to know who the
> destination is, so A marks B as the message's destination and signs
> that message, so it can't be tampered with during transit.
these two stages together look like what is known in the S/MIME world as
Using a published standard often makes things easier to implement (and
easier to audit). I don't know of anyone who has defined the concept of
triple-wrapping for PGP/MIME , but the two encapsulation mechanisms
have a lot of similarities. You could also use S/MIME message
encapsulation with key material from OpenPGP as long as the algorithms
involved have clear mappings to one another.
If for some reason you don't choose to use a standard way to do this
(yikes!), you should probably at least make sure that you understand the
nuances of the standard ways to do it, and have a clear argument for why
you're diverging from them.
> 3. Each proxy signs the message for transit to the next proxy, stripping
> off any previous signature, and rejecting any invalid or untrusted
I'm also not convinced by this step. What do the per-message signatures
give you? If there are secure (encrypted and mutually-authenticated)
transport links between the proxies, what do you gain from passing a
static signature on the message content between them as well? It's
entirely possible that i'm not understanding your proposed architecture,
though, since i'm afraid i haven't read the specs for santiago with any
significant detail (sorry!). Please correct me if i'm making any
Thanks for working on this. I hope the messages above are helpful and
 PGP/MIME: https://tools.ietf.org/html/rfc3156
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1030 bytes
Desc: OpenPGP digital signature