On keys and users
Posted Jun 23, 2011 17:26 UTC (Thu) by sethml
Parent article: On keys and users
Anybody interested in an interesting approach to key distribution and management might want to take a look at Gale, a secure distributed IM/group chat system. Unfortunately, it's pretty much a dead project now, but still has some active use.
Unfortunately, the documentation is a bit sparse and incomplete. A few of the interesting features are:
- Servers automatically create a spanning tree capable of routing messages to clients robustly while minimizing bandwidth use.
- Servers are dumb and have no ability to decrypt messages - only the headers requires for routing messages are understandable by the servers.
- Public key cryptography is used to authenticate senders and to encrypt private messages.
- A tree of trust - the key for firstname.lastname@example.org would be signed by the private key for lwn.net, which in turn would be signed by the key for net, which would be signed by the root key. Given the root public key, the email@example.com key could be verified.
- Keys fetchable on request by key-server daemons (gdomain), with a revocation mechanism.
The project never really figured out effective key storage and management for non-Unix machines, and eventually lost momentum beyond a core community which continues to use it. However, I think the key challenges it was trying to solve remain mostly unsolved.
to post comments)