On keys and users

Posted Jun 23, 2011 17:26 UTC (Thu) by sethml (guest, #8471)
Parent article: On keys and users

Anybody interested in an interesting approach to key distribution and management might want to take a look at Gale, a secure distributed IM/group chat system. Unfortunately, it's pretty much a dead project now, but still has some active use.

Unfortunately, the documentation is a bit sparse and incomplete. A few of the interesting features are:

  • Servers automatically create a spanning tree capable of routing messages to clients robustly while minimizing bandwidth use.
  • Servers are dumb and have no ability to decrypt messages - only the headers required for routing messages are understandable by the servers.
  • Public key cryptography is used to authenticate senders and to encrypt private messages.
  • A tree of trust - the key for lwn@lwn.net would be signed by the private key for lwn.net, which in turn would be signed by the key for net, which would be signed by the root key. Given the root public key, the lwn@lwn.net key could be verified.
  • Keys fetchable on request by key-server daemons (gdomain), with a revocation mechanism.

The project never really figured out effective key storage and management for non-Unix machines, and eventually lost momentum beyond a core community which continues to use it. However, I think the key challenges it was trying to solve remain mostly unsolved.
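
The "tree of trust" in the comment above can be checked by walking a name up to the root, as in this added example, which is not part of the original comment and is not Gale's code or key format. Lamport one-time signatures stand in for Gale's public-key algorithm so that it runs on the standard library alone; the certificate layout, the function names and the `revoked` set are assumptions.

```python
import hashlib, secrets

ROOT = ""  # assumed name for the root of the hierarchy

def H(data):
    return hashlib.sha256(data).digest()

def keygen():  # Lamport one-time key pair: 256 secret pairs, public key = their hashes
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, b"".join(H(a) + H(b) for a, b in sk)

def _bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return b"".join(sk[i][b] for i, b in enumerate(_bits(msg)))

def verify(pk, msg, sig):
    return len(sig) == 8192 and all(
        H(sig[32 * i:32 * i + 32]) == pk[64 * i + 32 * b:64 * i + 32 * b + 32]
        for i, b in enumerate(_bits(msg)))

def parent(name):  # lwn@lwn.net -> lwn.net -> net -> ROOT
    sep = "@" if "@" in name else "."
    return name.partition(sep)[2]

def cert_msg(name, pk):  # the name is bound into the signed bytes
    return name.encode() + b"\0" + pk

def verify_chain(name, certs, root_pk, revoked=frozenset()):
    while name != ROOT:
        if name in revoked or name not in certs:
            return False
        pk, sig = certs[name]  # (public key, parent's signature over cert_msg)
        up = parent(name)
        signer_pk = root_pk if up == ROOT else certs.get(up, (None, None))[0]
        if signer_pk is None or not verify(signer_pk, cert_msg(name, pk), sig):
            return False
        name = up
    return True

def build_demo():  # constructed sample chain; each Lamport key signs exactly once
    signer, root_pk = keygen()
    certs = {}
    for name in ("net", "lwn.net", "lwn@lwn.net"):
        sk, pk = keygen()
        certs[name], signer = (pk, sign(signer, cert_msg(name, pk))), sk
    return root_pk, certs
```

A verifier needs only `root_pk` in advance; every other key arrives with its certificate and is accepted only if each link up to the root checks out.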

