Browse Source

small modifications

master
Benedikt Kristinsson 4 years ago
parent
commit
981c914cbc
  1. 21
      README.md
  2. 18
      network.py

21
README.md

@ -6,24 +6,29 @@ A blockchain may or may not be involved.
## Brief protocol explenation
I feel that it is pointless to list out the flaws of the CA system. This is not the place to do that, this is merely an exploration of an alternative idea.
The idea is based on both first-trust (like SSH) and the idea that a HTTPS/SSL server should be serving the same SSL certificates to any clients on the internet.
When a new HTTP/SSL site is "found" (mined?), the certificate fingerprint is broadcast through the p2p network, along with a proof-of-check. Each participant in the p2p network will (with a random probability) then check the fingerprint and given proof-of-check. The probability that each given client will perform the check is determined by the number of participants in the network, to avoid hugging new sites to death.
When a new HTTP/SSL site is "found", the certificate fingerprint is broadcast through the p2p network, along with a proof-of-check. Each participant in the p2p network will (with a random probability) then check the fingerprint and given proof-of-check. The probability that each given client will perform the check is determined by the number of participants in the network, to avoid hugging new sites to death. Or by having decidated "miners" and most clients wokring like an SPV client in Bitcion (i.e. are nodes in the network, but are not miners).
A new site can be found by anyone, not just it's owner. However, clients probably shouldn't automatically send out any new sites they encounter, as that would tell the whole network what this user is looking at. Either the miners have to crawl or something, or the data can be anonamized somehow. Maybe using Tor to send the data to the miner is plausible, since the delay from finding a new site to having it verified by the network could tolerate delay in seconds. At least its good enough to try.
Sites could be manually entered into the system, but that seems tedious.
A new site can be found by anyone, not just it's owner. However, clients probably shouldn't automatically send out any new sites they encounter, as that would tell the whole network what this user is looking at.
Depending on the scale, nodes in the p2p network might not be able to hold the full chain
Sites could be manually entered into the system, but that seems tedious. Consider this an open practical question.
## Blockchains
Depending on the scale, nodes in the p2p network might not be able to hold the full NameChain.
Everyone wants **a blockchain** these days. A bitcoin-like blockchain probably wont be of much use here, as we went to look up urls's and not transaction id's.
The word "minig" doesn't really work as an analogy. It's not mining, it's verifying. But "verifier" isn't much of an analogy.
## proof-of-check
Based on the concept of proof-of-work in Bitcoin.
Let's try
```
proof-of-check = HMAC(key=node_id, url || ssl_fingerprint)
```
Proves that a node opened an SSL connection to a server at `url` and read the fingerprint. To verify, a node will connect to `url` and read the fingerprint byt itself, then calculate the HMAC to verify that it saw the same certificate that the node given by `nodeid` did.
But anybody can create that hash, if they know the `node_id` and the url. s

18
network.py

@ -23,9 +23,9 @@ def _print(*args):
time = datetime.now().time().isoformat()[:8]
print time,
print " ".join(map(str, args))
class NCProtocol(Protocol):
def __init__(self, factory, state="GETHELLO", kind="RECV"):
def __init__(self, factory, state="GETHELLO", kind="LISTENER"):
self.factory = factory
self.state = state
self.VERSION = 0
@ -58,7 +58,7 @@ class NCProtocol(Protocol):
# since ping keeps going if we don't .stop() it.
try: self.lc_ping.stop()
except AssertionError: pass
try:
self.factory.peers.pop(self.remote_nodeid)
if self.nodeid != self.remote_nodeid:
@ -143,7 +143,7 @@ class NCProtocol(Protocol):
#_print(" [ ] SEND_HELLO:", self.nodeid, "to", self.remote_ip)
self.transport.write(hello + "\n")
self.state = "SENTHELLO"
def handle_HELLO(self, hello):
try:
hello = messages.read_message(hello)
@ -159,7 +159,7 @@ class NCProtocol(Protocol):
self.state = "READY"
self.print_peers()
#self.write(messages.create_ping(self.nodeid))
if self.kind == "RECV":
if self.kind == "LISTENER":
# The listener pings it's audience
_print(" [ ] Starting pinger to " + self.remote_nodeid)
self.lc_ping.start(PING_INTERVAL, now=False)
@ -188,12 +188,12 @@ class NCFactory(Factory):
pass
def buildProtocol(self, addr):
return NCProtocol(self, "GETHELLO", "RECV")
return NCProtocol(self, "GETHELLO", "LISTENER")
def gotProtocol(p):
# ClientFactory instead?
p.send_HELLO()
if __name__ == "__main__":
# start listener
if len(sys.argv) == 2:
@ -209,13 +209,13 @@ if __name__ == "__main__":
_print("[!] Address in use")
sys.exit(1)
# connect to bootstrap addresses
_print(" [ ] Trying to connect to bootstrap hosts:")
for bootstrap in BOOTSTRAP_NODES:
_print(" [*]", bootstrap)
host, port = bootstrap.split(":")
point = TCP4ClientEndpoint(reactor, host, int(port))
d = connectProtocol(point, NCProtocol(ncfactory, "SENDHELLO", "SEND"))
d = connectProtocol(point, NCProtocol(ncfactory, "SENDHELLO", "SPEAKER"))
d.addCallback(gotProtocol)
reactor.run()

Loading…
Cancel
Save