[tor-talk] Tor for everyone; introducing Eccentric Authentication

Aymeric Vitte vitteaymeric at gmail.com
Sat Feb 27 18:43:11 UTC 2016



On 27/02/2016 13:18, Guido Witmond wrote:
> A hash table does a lookup from HASH(data) -> data.

No, a DHT stores some data about something referenced by something
looking like a hash.

> 
> When I retrieve the data, I can calculate the hash and determine if I
> got the correct data.

When you retrieve the data you can do whatever you like; of course it's
better to implement the required mechanisms to prevent others from
spoofing data.

> 
> What I want is a lookup of name -> public key.
> 
> I could set up a DHT that does HASH(name) -> public key but there is no
> user name in the public key, so there is no way to calculate that I got
> the correct data.
> 
> Would I create a DHT based on HASH(name) -> certificate, where
> certificate is {name, public key, CA-signature}, I still have to
> validate if I got a result from the correct CA. The question that
> remains: who is the CA chosen by <name>.

I am not sure I fully understand your CA signature model; why can't you
store [name, public key, CA-signature, CA-key, CA-name]?

In my previous answer the P2P system on top of the peer/entityID system
would implement peer discovery based on a DHT, but not only that: peers can
discover each other based on information they get from other peers they
are connected to.

Back to the DHT: they could register [peerID, public key, how to reach
peerID] or, to match your case, [peerID, public key,
entityID, entityID-signature, entityID-key], where peerID is the
fingerprint of the public key, on the closest nodes from peerID, where
the nodeIDs (closest nodes where the data is stored) can be the
fingerprint of temporary keys (like onion keys), so people can't choose
their nodeID and fake the DHT.

The peerID info would come from matching a name in something like a
blockchain (where entityIDs are referenced too), where you can store as
many IDs as you like (and in your case, if I understand correctly, map
peerIDs to entityIDs).

So what's the benefit of a CA model here?

-- 
Get the torrent dynamic blocklist: http://peersm.com/getblocklist
Check the 10 M passwords list: http://peersm.com/findmyass
Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
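
As an added example (not part of the original message or of any project it mentions), the sketch below shows why a record stored under peerID, the fingerprint of the public key, can be checked by the requester, unlike HASH(name) -> public key. SHA-256 as the fingerprint, the record field names and the in-memory `network` dict are assumptions; entityID signatures are not modelled.

```python
import hashlib

def fingerprint(key: bytes) -> bytes:
    # Assumption: SHA-256 as the fingerprint; the message does not name a hash.
    return hashlib.sha256(key).digest()

def closest_nodes(target_id: bytes, node_ids, k: int = 3):
    # Kademlia-style XOR distance between two IDs of equal length.
    dist = lambda n: int.from_bytes(n, "big") ^ int.from_bytes(target_id, "big")
    return sorted(node_ids, key=dist)[:k]

def verify_record(requested_id: bytes, record: dict) -> bool:
    # Self-certifying check: the returned key must hash to the ID we asked for.
    return (record.get("peerID") == requested_id
            and fingerprint(record.get("public_key", b"")) == requested_id)

def store(network: dict, record: dict, k: int = 3) -> None:
    # Place the record on the k nodes whose IDs are closest to peerID.
    for node_id in closest_nodes(record["peerID"], network, k):
        network[node_id][record["peerID"]] = record

def lookup(network: dict, peer_id: bytes, k: int = 3):
    # Ask the k closest nodes; keep the first answer that verifies.
    for node_id in closest_nodes(peer_id, network, k):
        record = network[node_id].get(peer_id)
        if record is not None and verify_record(peer_id, record):
            return record
    return None

def demo(spoofing_nodes: int = 1):
    # Constructed data: nodeIDs are fingerprints of made-up temporary keys.
    network = {fingerprint(b"constructed-temp-key-%d" % i): {} for i in range(8)}
    peer_key = b"constructed-peer-public-key"
    peer_id = fingerprint(peer_key)
    store(network, {"peerID": peer_id, "public_key": peer_key,
                    "reach": "constructed-address"})
    # Some of the closest nodes answer with a substituted key.
    for node_id in closest_nodes(peer_id, network)[:spoofing_nodes]:
        network[node_id][peer_id] = {"peerID": peer_id,
                                     "public_key": b"constructed-other-key",
                                     "reach": "constructed-elsewhere"}
    return lookup(network, peer_id)

if __name__ == "__main__":
    print(demo(1) is not None, demo(3) is None)
```

A substituted key is rejected because it does not hash to the requested peerID; when every queried node returns one, the lookup fails closed instead of returning the wrong key.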

