[Freedombox-discuss] Santiago Verifying Requests
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Apr 13 04:18:02 UTC 2012
Hi Nick--
I'm glad to see this coming together! You're grappling with the right
issues, i think.
On 04/10/2012 10:20 PM, Nick M. Daly wrote:
> 1. A encrypts its message to B.
>
> 2. To allow proxies to deliver the message, they need to know who the
> destination is, so A marks B as the message's destination and signs
> that message, so it can't be tampered with during transit.
these two stages together look like what is known in the S/MIME world as
"triple-wrapping":
https://tools.ietf.org/html/rfc2634#section-1.1
Using a published standard often makes things easier to implement (and
easier to audit). I don't know of anyone who has defined the concept of
triple-wrapping for PGP/MIME [0], but the two encapsulation mechanisms
have a lot of similarities. You could also use S/MIME message
encapsulation with key material from OpenPGP as long as the algorithms
involved have clear mappings to one another.
If for some reason you don't choose to use a standard way to do this
(yikes!), you should probably at least make sure that you understand the
nuances of the standard ways to do it, and have a clear argument for why
you're diverging from them.
> 3. Each proxy signs the message for transit to the next proxy, stripping
> off any previous signature, and rejecting any invalid or untrusted
> signatures.
I'm also not convinced by this step. What do the per-message signatures
give you? If there are secure (encrypted and mutually-authenticated)
transport links between the proxies, what do you gain from passing a
static signature on the message content between them as well? It's
entirely possible that i'm not understanding your proposed architecture,
though, since i'm afraid i haven't read the specs for santiago with any
significant detail (sorry!). Please correct me if i'm making any
mistaken assumptions.
Thanks for working on this. I hope the messages above are helpful and
not discouraging.
Regards,
--dkg
[0] PGP/MIME: https://tools.ietf.org/html/rfc3156
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20120413/c5a1b740/attachment.pgp>
More information about the Freedombox-discuss
mailing list