[Freedombox-discuss] Announcing Santiago Release Candidate 1
Hi folks, I'm proud to announce the first release candidate (developer
preview) of the Santiago service. Santiago is designed to let users
negotiate services without third party interference. By sending OpenPGP
signed and encrypted messages over HTTPS (or other protocols) between
parties, I hope to reduce or even prevent MITM attacks. Santiago can
also use the Tor network as a proxy (with Python 2.7 or later), allowing
this negotiation to happen very quietly.
Santiago currently lives at:
Currently, it needs a *lot* of polish, but there's enough for a
technical demonstration and basic use. Try combining it with .onion
Testing it out it takes a bit of setup:
- This was all tested on Debian Stable, so I know it works on Python
2.6. Other versions may work differently.
- You need a PGP key. You probably want to make a new password-less key
specifically for Santiago.
Santiago's running as a service, and you won't always be there to
enter the password when the gnupg-agent times out and locks the
keyring again. At that point, Santiago will block while waiting for
(or fail without) the password.
- You need [python-gnupg](http://code.google.com/p/python-gnupg). Make
sure it's either in your PYTHONPATH, or edit the start.sh and test.sh
files so that it can be found.
- You need a ``production.cfg`` or ``test.cfg`` file with contents like
keyid = (your 40-character key identifier)
- You need an SSL certificate (the ``ssl-cert`` package is required).
Run the following as root, changing the group as necessary:
# make-ssl-cert generate-default-snakeoil
# make-ssl-cert /usr/share/ssl-cert/ssleay.cnf santiago.crt
# chgrp 1000 santiago.crt
# chmod g+r santiago.crt
See ``/usr/share/doc/apache2.2-common/README.Debian.gz`` for more
- Either set up a Tor listener on port 8118, or set the proxy port to
"None" or 80, if you're running Python 2.7 or later.
- Run ``make`` once in the Plinth root directory to create the config
files you need.
- Running ``bash start.sh`` in a console will set up a Santiago service
that communicates with itself. You can see the Santiago service learn
about the "https://somestuff" location (it'll appear in the
"consuming" dictionary) if you navigate to:
https://localhost:8080/query?service=santiago&host=(your key ID)
It'll give you a warning about an untrusted certificate, but since
you just made that certificate, ignore the warning.
After you load the page, you won't see anything. That's by design.
You'll need to watch the debug messages (look for one reading
"Success!") or Ctrl+C out of the server to drop into PDB where you can
examine the santiago.consuming dictionary.
Technically, it works, but with a fair number of caveats:
- Python doesn't currently verify the HTTPS certificates used. We still
use the OpenPGP key for verification, but it'd be helpful.
- It'd also be nice to munge the PGP key into the HTTPS certificate,
requiring only a single identity document to secure all the
- It doesn't yet play well with others (you can't read the hosting and
consuming dictionaries from other processes very well). Please let me
know your ideas for fixing this.
- It needs better state storage and recovery. Doing this well is my
highest priority right now (the blocker for the 0.2 release).
- The current start methods appear to block, so new protocols might not
load when you expect them to.
- It needs more tests, there are still a good number of behaviors that
work but aren't verified.
- As you can see above, setup isn't easy.
- Request proxying: If Alice can't reach Bob, but they both can reach
Carl, Carl can pass the messages for them.
- Not-braindead state storage and restoration.
Please test it out and let me know your thoughts. I'll make it easier
to handle and use over the coming days and weeks, but I just wanted to
get it out the door now that it has successfully integrated PGP. If you
have any changes you'd like to see, at all, please send me a patch or
fork the repository.
James, you can pull it now. :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 835 bytes
Desc: not available