[Freedombox-discuss] Santiago Verifying Requests

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Apr 13 04:18:02 UTC 2012 

Hi Nick--

I'm glad to see this coming together!  You're grappling with the right
issues, i think.

On 04/10/2012 10:20 PM, Nick M. Daly wrote:
> 1. A encrypts its message to B.
> 
> 2. To allow proxies to deliver the message, they need to know who the
>    destination is, so A marks B as the message's destination and signs
>    that message, so it can't be tampered with during transit.

these two stages together look like what is known in the S/MIME world as
"triple-wrapping":

  https://tools.ietf.org/html/rfc2634#section-1.1

Using a published standard often makes things easier to implement (and
easier to audit).  I don't know of anyone who has defined the concept of
triple-wrapping for PGP/MIME [0], but the two encapsulation mechanisms
have a lot of similarities.  You could also use S/MIME message
encapsulation with key material from OpenPGP as long as the algorithms
involved have clear mappings to one another.

If for some reason you don't choose to use a standard way to do this
(yikes!), you should probably at least make sure that you understand the
nuances of the standard ways to do it, and have a clear argument for why
you're diverging from them.

> 3. Each proxy signs the message for transit to the next proxy, stripping
>    off any previous signature, and rejecting any invalid or untrusted
>    signatures.

I'm also not convinced by this step.  What do the per-message signatures
give you?  If there are secure (encrypted and mutually-authenticated)
transport links between the proxies, what do you gain from passing a
static signature on the message content between them as well?  It's
entirely possible that i'm not understanding your proposed architecture,
though, since i'm afraid i haven't read the specs for santiago with any
significant detail (sorry!).  Please correct me if i'm making any
mistaken assumptions.

Thanks for working on this.  I hope the messages above are helpful and
not discouraging.

Regards,

	--dkg

[0] PGP/MIME: https://tools.ietf.org/html/rfc3156

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20120413/c5a1b740/attachment.pgp>

More information about the Freedombox-discuss mailing list