Search Mailing List Archives
[tcpcrypt-dev] MonkeySphere could be used for authentication
natanael.l at gmail.com
Sun Aug 29 12:21:39 PDT 2010
MonkeySphere has goals that are very similiar to Tcpcrypt, more or less to
provide secure connections.
"The Monkeysphere project's goal is to extend OpenPGP's web of trust to new
areas of the Internet to help us securely identify servers we connect to, as
well as each other while we work online. The suite of Monkeysphere utilities
provides a framework to transparently leverage the web of trust for
authentication of TLS/SSL communications through the normal use of tools you
are familiar with, such as your web browser or secure shell."
In my eyes, Monkeysphere is mostly of a Web of Trust manager that hooks in
to SSH and replaces the public keys that it normally use with OpenPGP keys.
SSH could be replaced in MonkeySphere's current implementation to just use
Tcpcrypt. That would make no extra configuration needed to, as example, use
it with web servers, gaming or friend-to-friend applications.
My current idea is this:
Look for Tcpcrypt connections, announce TCPSphere support to the endpoints.
(Yes, I call it TCPSphere right now)
Exchange public keys when you get a response.
Take the session ID, generate a nonce, add your and his public key
fingerprint and add a time stamp.
Sign this with your key, then encrypt with his. Send.
When both have sent messages and verified the others' message, the
connection has been authenticated.
What MonkeySphere would do is to verify and manage the public keys, meaning
that it would look if the endpoint's key is in your keyring or Web of Trust
(maybe signed by friend?) and what trust it has, and to choose which of your
keypairs to use for communication.
It would probably have some GUI, maybe a browser plugin that could add a
special icon such as those that normally would be shown when SSL is in use.
When clicked, your WoT data is shown instead of SSL certificate data.
Example pseudo code, please comment on and improve:
What do you think of this?
(FYI, I'm not a programmer or crypto expert, just a young geek who thinks
this is cool and something that I want to contribute to.)
--- If everybody is thinking alike, then somebody isn't thinking //
Stupidity is a renewable resource
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the tcpcrypt-dev