You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
Benedikt Kristinsson a662e9e5e1 adding addr messages 6 years ago
paper initial commit of essay 6 years ago
tests ping/pong (wip). stop validating nonce - claiming its pointless. changes to the output 6 years ago
.gitignore initial commit of essay 6 years ago
README.md inital commit 6 years ago
cryptotools.py ping/pong (wip). stop validating nonce - claiming its pointless. changes to the output 6 years ago
messages.py adding addr messages 6 years ago
network.py adding addr messages 6 years ago
proof.py inital commit 6 years ago

README.md

NameChain (Proof of Concept)

This is meant to be a proof-of-concept implementation of NameChain, a peer-to-peer verification of HTTP/SSL sites instead of the traditional CA system.

A blockchain may or may not be involved.

Brief protocol explenation

I feel that it is pointless to list out the flaws of the CA system. This is not the place to do that, this is merely an exploration of an alternative idea.

The idea is based on both first-trust (like SSH) and the idea that a HTTPS/SSL server should be serving the same SSL certificates to any clients on the internet.

When a new HTTP/SSL site is "found" (mined?), the certificate fingerprint is broadcast through the p2p network, along with a proof-of-check. Each participant in the p2p network will (with a random probability) then check the fingerprint and given proof-of-check. The probability that each given client will perform the check is determined by the number of participants in the network, to avoid hugging new sites to death.

A new site can be found by anyone, not just it's owner. However, clients probably shouldn't automatically send out any new sites they encounter, as that would tell the whole network what this user is looking at.

Sites could be manually entered into the system, but that seems tedious. Consider this an open practical question.

Depending on the scale, nodes in the p2p network might not be able to hold the full NameChain.

proof-of-check

Based on the concept of proof-of-work in Bitcoin.

proof-of-check = HMAC(key=node_id, url || ssl_fingerprint)

Proves that a node opened an SSL connection to a server at url and read the fingerprint. To verify, a node will connect to url and read the fingerprint byt itself, then calculate the HMAC to verify that it saw the same certificate that the node given by nodeid did.