[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Freedombox-discuss] Announcing Santiago Release Candidate 1

Hi folks, I'm proud to announce the first release candidate (developer
preview) of the Santiago service.  Santiago is designed to let users
negotiate services without third party interference.  By sending OpenPGP
signed and encrypted messages over HTTPS (or other protocols) between
parties, I hope to reduce or even prevent MITM attacks.  Santiago can
also use the Tor network as a proxy (with Python 2.7 or later), allowing
this negotiation to happen very quietly.

Santiago currently lives at:

    https://github.com/nickdaly/plinth/tree/santiago

Currently, it needs a *lot* of polish, but there's enough for a
technical demonstration and basic use.  Try combining it with .onion
addresses.

Testing it out it takes a bit of setup:

- This was all tested on Debian Stable, so I know it works on Python
  2.6.  Other versions may work differently.

- You need a PGP key.  You probably want to make a new password-less key
  specifically for Santiago.

  Santiago's running as a service, and you won't always be there to
  enter the password when the gnupg-agent times out and locks the
  keyring again.  At that point, Santiago will block while waiting for
  (or fail without) the password.

- You need [python-gnupg](http://code.google.com/p/python-gnupg).  Make
  sure it's either in your PYTHONPATH, or edit the start.sh and test.sh
  files so that it can be found.

- You need a ``production.cfg`` or ``test.cfg`` file with contents like
  the following:

    [pgpprocessor]
    keyid = (your 40-character key identifier)

- You need an SSL certificate (the ``ssl-cert`` package is required).
  Run the following as root, changing the group as necessary:

    # make-ssl-cert generate-default-snakeoil
    # make-ssl-cert /usr/share/ssl-cert/ssleay.cnf santiago.crt
    # chgrp 1000 santiago.crt
    # chmod g+r santiago.crt

  See ``/usr/share/doc/apache2.2-common/README.Debian.gz`` for more
  details.

- Either set up a Tor listener on port 8118, or set the proxy port to
  "None" or 80, if you're running Python 2.7 or later.

- Run ``make`` once in the Plinth root directory to create the config
  files you need.

- Running ``bash start.sh`` in a console will set up a Santiago service
  that communicates with itself.  You can see the Santiago service learn
  about the "https://somestuff"; location (it'll appear in the
  "consuming" dictionary) if you navigate to:

    https://localhost:8080/query?service=santiago&host=(your key ID)

  It'll give you a warning about an untrusted certificate, but since
  you just made that certificate, ignore the warning.

  After you load the page, you won't see anything.  That's by design.
  You'll need to watch the debug messages (look for one reading
  "Success!") or Ctrl+C out of the server to drop into PDB where you can
  examine the santiago.consuming dictionary.

Technically, it works, but with a fair number of caveats:

- Python doesn't currently verify the HTTPS certificates used.  We still
  use the OpenPGP key for verification, but it'd be helpful.

- It'd also be nice to munge the PGP key into the HTTPS certificate,
  requiring only a single identity document to secure all the
  communications.

- It doesn't yet play well with others (you can't read the hosting and
  consuming dictionaries from other processes very well).  Please let me
  know your ideas for fixing this.

- It needs better state storage and recovery.  Doing this well is my
  highest priority right now (the blocker for the 0.2 release).

- The current start methods appear to block, so new protocols might not
  load when you expect them to.

- It needs more tests, there are still a good number of behaviors that
  work but aren't verified.

- As you can see above, setup isn't easy.

Future directions:

- Request proxying: If Alice can't reach Bob, but they both can reach
  Carl, Carl can pass the messages for them.

- Not-braindead state storage and restoration.

Please test it out and let me know your thoughts.  I'll make it easier
to handle and use over the coming days and weeks, but I just wanted to
get it out the door now that it has successfully integrated PGP.  If you
have any changes you'd like to see, at all, please send me a patch or
fork the repository.

James, you can pull it now. :)

Nick
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20120515/f5738246/attachment.pgp>
Reply to: