[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: nym-0.2.1 released (live demo available)



On Sun, Oct 02, 2005 at 02:14:38AM +0000, Jason Holt wrote:
> I now have a live server available for those of you who want to play with a 
> "real" nym tokenserver/CA/webserver.  This process constitutes running 
> three scripts and installing the client cert.  Details in the README:

Hi Jason,

I just went through the client side of the demo. Nice.

In your README you mention a deb I need -- libcrypt-ssleay-perl.
Turned out I also needed libdigest-sha1-perl for Digest/SHA1.pm. (This
is on Sarge.)

In Firefox, adding a cert is "Edit | Preferences | Advanced |
Certificates" and then click on "ask every time" and then click on
"manage certificates" and click "import".

In the live demo list you say:
  "Real" installations will probably block tor exit nodes and open http
  proxies to enforce the one-token-per-IP rule.
My first response is that Tor servers will hand out at most one token each
anyway, so since they're self-limiting there's no point in special-casing
them.  But then I realized that since a lot of people will judge the
effectiveness of this design from its first five minutes of performance,
we probably do want to close all those holes right at the beginning.

I also wanted to make makecert.sh automatically hit enter at each
point. Having uniform responses is a security issue, after all. I just
hacked that together as
yes ""|./makecert.sh
but you could also work that into the script itself when it calls
openssl. In my ideal world, I guess the openssl command would have a
"hit enter to everything" command-line option.

Let me know if/when you want nym to become an official part of the
freehaven/tor sites. :) We can help with documentation and screenshots
and publicity, and maybe more if there's something you need.

Thanks,
--Roger