ben
/
ncpoc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
26 Commits 1 Branch 0 Tags 241 KiB
Python 51.3%
TeX 48.7%
Go to file
ben d3a3b48715 default port number 2017-12-29 03:29:56 +01:00
paper initial commit of essay 2016-02-02 05:49:20 +01:00
tests ping/pong (wip). stop validating nonce - claiming its pointless. changes to the output 2016-02-01 16:02:44 +01:00
.gitignore initial commit of essay 2016-02-02 05:49:20 +01:00
README.md small modifications 2017-12-28 23:37:58 +01:00
cryptotools.py ping/pong (wip). stop validating nonce - claiming its pointless. changes to the output 2016-02-01 16:02:44 +01:00
messages.py adding addr messages 2016-05-15 16:37:30 +02:00
ncpoc.py default port number 2017-12-29 03:29:56 +01:00
network.py main() logic moved to ncpoc.py file 2017-12-29 02:49:49 +01:00
proof.py inital commit 2016-01-26 06:40:52 +01:00

README.md

NameChain (Proof of Concept)

This is meant to be a proof-of-concept implementation of NameChain, a peer-to-peer verification of HTTP/SSL sites instead of the traditional CA system.

A blockchain may or may not be involved.

Brief protocol explenation

The idea is based on both first-trust (like SSH) and the idea that a HTTPS/SSL server should be serving the same SSL certificates to any clients on the internet.

When a new HTTP/SSL site is "found", the certificate fingerprint is broadcast through the p2p network, along with a proof-of-check. Each participant in the p2p network will (with a random probability) then check the fingerprint and given proof-of-check. The probability that each given client will perform the check is determined by the number of participants in the network, to avoid hugging new sites to death. Or by having decidated "miners" and most clients wokring like an SPV client in Bitcion (i.e. are nodes in the network, but are not miners).

A new site can be found by anyone, not just it's owner. However, clients probably shouldn't automatically send out any new sites they encounter, as that would tell the whole network what this user is looking at. Either the miners have to crawl or something, or the data can be anonamized somehow. Maybe using Tor to send the data to the miner is plausible, since the delay from finding a new site to having it verified by the network could tolerate delay in seconds. At least its good enough to try.

Sites could be manually entered into the system, but that seems tedious.

Depending on the scale, nodes in the p2p network might not be able to hold the full chain

Blockchains

Everyone wants a blockchain these days. A bitcoin-like blockchain probably wont be of much use here, as we went to look up urls's and not transaction id's.

The word "minig" doesn't really work as an analogy. It's not mining, it's verifying. But "verifier" isn't much of an analogy.

proof-of-check

Let's try

proof-of-check = HMAC(key=node_id, url || ssl_fingerprint)

But anybody can create that hash, if they know the node_id and the url. s