[Freedombox-discuss] Santiago Verifying Requests
On Fri, 13 Apr 2012 00:18:02 -0400, Daniel Kahn Gillmor wrote:
> these two stages together look like what is known in the S/MIME world as
I'll look into this, though it'll probably be a week or more before I
have a real response. Thanks for pointing me to it! If you have any
other references, I'd be happy to hear about them.
>> 3. Each proxy signs the message for transit to the next proxy,
>> stripping off any previous signature, and rejecting any invalid or
>> untrusted signatures.
> What do the per-message signatures give you? If there are secure
> (encrypted and mutually-authenticated) transport links between the
> proxies, what do you gain from passing a static signature on the
> message content between them as well?
I think you nailed it. The message isn't necessarily delivered over an
encrypted and mutually-authenticated link. When delivering Santiago
messages, they're essentially dead-dropped. Over Tor (when delivered to
a hidden service), it's an encrypted link, but the receiver has no idea
where the sender came from. It's designed to be protocol agnostic,
supporting GNUnet, Freenet, and all the rest, and I can't guarantee
those services will even encrypt the messages.
> It's entirely possible that i'm not understanding your proposed
> architecture, though, since i'm afraid i haven't read the specs for
> santiago with any significant detail (sorry!). Please correct me if
> i'm making any mistaken assumptions.
No trouble. I'll clean up the documentation before I push a stable
release, once it's feature complete. This signing, encrypting, and
verifying should make it feature complete, at least for a first release,
though. Still need to look into how proxying should route. Gnutella
style? Will Neruda fill this need and should Santiago just stand down?
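The per-hop signing in step 3, under the dead-drop delivery described in the reply, as an added example that is not part of the original thread or of Santiago's code. HMAC with constructed per-identity keys stands in for whatever signature scheme Santiago uses; the envelope layout and all names (`sign`, `verify`, `proxy_hop`, `relay`, `tamper`) are assumptions.

```python
import hashlib
import hmac
import json

# Constructed keys, one per identity (assumption: stand-in for real signing keys).
KEYS = {"alice": b"constructed-key-a", "proxy1": b"constructed-key-1",
        "proxy2": b"constructed-key-2", "mallory": b"constructed-key-m"}


def _tag(signer, payload):
    return hmac.new(KEYS[signer], payload.encode(), hashlib.sha256).hexdigest()


def sign(signer, payload):
    """Wrap the payload in an envelope carrying exactly one hop signature."""
    return json.dumps({"signer": signer, "payload": payload,
                       "sig": _tag(signer, payload)})


def verify(envelope, trusted):
    """Return the payload only if the signer is trusted and the signature valid."""
    msg = json.loads(envelope)
    signer = msg.get("signer")
    if signer not in trusted or signer not in KEYS:
        raise ValueError("untrusted signer")
    got = str(msg.get("sig", "")).encode()
    if not hmac.compare_digest(_tag(signer, msg["payload"]).encode(), got):
        raise ValueError("invalid signature")
    return msg["payload"]


def proxy_hop(me, trusted, envelope):
    """Step 3: check the incoming signature, strip it, re-sign as this proxy."""
    return sign(me, verify(envelope, trusted))


def relay(payload, origin, hops):
    """Pass a message through hops, each given as (name, trusted_signers)."""
    envelope = sign(origin, payload)
    for name, trusted in hops:
        envelope = proxy_hop(name, trusted, envelope)
    return envelope


def tamper(envelope, new_payload):
    """Constructed dead-drop modification: payload changed, signature kept."""
    msg = json.loads(envelope)
    msg["payload"] = new_payload
    return json.dumps(msg)
```

Because the transport authenticates nothing here, the hop signature is the only thing telling a proxy who handed it the message, and each proxy needs to trust only its immediate predecessor.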