
Re: nym-0.2 released (fwd)

On 10/1/05, Jason Holt <jason@xxxxxxxxxxxx> wrote:
> The reason I have separate token and cert servers is that I want to end up
> with a client cert that can be used in unmodified browsers and servers.  The
> certs don't have to have personal information in them, but with indirection we
> cheaply get the ability to enforce some sort of structure on the certs. Plus,
> I spent as much time as it took me to write *both releases of nym* just trying
> to get ahold of the actual digest in an X.509 cert that needs to be signed by
> the CA (in order to have the token server sign that instead of a random
> token).  That would have eliminated the separate token/cert steps, but
> required a really hideous issuing process and produced signatures whose form
> the CA could have no control over.  (Clients could get signatures on IOUs,
> delegated CA certs, whatever.)

That makes sense, although it does add some complexity for the end
user, having to figure out how to get his certificate into his
browser. Adam Langley's suggestion to cut and paste the token into a
login field at the gateway proxy would be simpler for the user. The
proxy could then set the token in a browser cookie which would make it
available on every access.

> Actually, if all you want is complaint-free certifications, that's easy to put
> in the proxy; just make it serve up different identifiers each time and keep a
> table of which IDs map to which client certs.  Makes it harder for the
> wikipedia admins to see patterns of abuse, though.  They'd have to report each
> incident and let the proxy admin decide when the threshold is reached.

My suggestion was even simpler. The mere fact that a connection was
allowed through by the gateway proxy implicitly certifies that it is
complaint-free. There is no need for client identifiers. Rather, the
proxy would keep a table of which outgoing IPs at which times mapped
to which tokens. The proxy would handle a complaint by invalidating
the token that was used at the time the problem occurred. This is
simpler than your client identifier, provides more user privacy, and
should work out of the box with Wikipedia, which must use a similar
complaint resolution mechanism with ISPs that dynamically assign IPs
to users.
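The gateway proxy described in the reply above, modelled in code as an added example that is not part of the original thread or of nym itself. It keeps a table of which outgoing IP was using which token during which time window, and handles a complaint by revoking the token that was in use from that IP at the time the problem occurred. The class and method names, the outgoing address pool and the sample tokens are all assumptions made for illustration; the only design point taken beyond the text is that the proxy never shares one outgoing IP between two concurrent sessions, so that a (IP, time) pair always maps to exactly one token.

```python
"""
Added example (not from the original thread): a minimal in-memory model of a
complaint-handling gateway proxy.  Admission is the only certification: if a
connection was let through, its token was valid and unrevoked at that time.
Names, data structures and sample values are assumptions for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class Session:
    token: str
    outgoing_ip: str
    start: int                 # seconds since epoch, inclusive
    end: Optional[int] = None  # exclusive; None while the session is open


@dataclass
class GatewayProxy:
    valid_tokens: Set[str] = field(default_factory=set)
    revoked_tokens: Set[str] = field(default_factory=set)
    sessions: List[Session] = field(default_factory=list)
    # hypothetical pool of outgoing addresses (RFC 5737 documentation range)
    outgoing_ips: Tuple[str, ...] = ("203.0.113.10", "203.0.113.11")

    def issue_token(self, token: str) -> None:
        """Record a token handed out by the (separate) token server."""
        self.valid_tokens.add(token)

    def _free_ip(self) -> Optional[str]:
        # Never share an outgoing IP between concurrent sessions; otherwise a
        # complaint naming (ip, time) could not be attributed to one token.
        busy = {s.outgoing_ip for s in self.sessions if s.end is None}
        for ip in self.outgoing_ips:
            if ip not in busy:
                return ip
        return None

    def open_session(self, token: str, now: int) -> Optional[str]:
        """Admit a connection if its token is issued and not revoked.
        Returns the outgoing IP assigned, or None if the connection is refused."""
        if token not in self.valid_tokens or token in self.revoked_tokens:
            return None
        ip = self._free_ip()
        if ip is None:
            return None          # pool exhausted; refuse rather than share an IP
        self.sessions.append(Session(token, ip, now))
        return ip

    def close_session(self, token: str, now: int) -> bool:
        """Close the most recent open session for this token."""
        for s in reversed(self.sessions):
            if s.token == token and s.end is None:
                s.end = now
                return True
        return False

    def token_in_use(self, ip: str, when: int) -> Optional[str]:
        """Look up which token was using `ip` at time `when`."""
        for s in self.sessions:
            if s.outgoing_ip == ip and s.start <= when and (s.end is None or when < s.end):
                return s.token
        return None

    def handle_complaint(self, ip: str, when: int) -> Optional[str]:
        """Revoke the token that was behind `ip` at `when`; returns it, or None
        if no session matches (e.g. the complaint names an idle window)."""
        token = self.token_in_use(ip, when)
        if token is None:
            return None
        self.revoked_tokens.add(token)
        return token


if __name__ == "__main__":
    # Constructed walk-through: two tokens, one complaint, one revocation.
    proxy = GatewayProxy()
    proxy.issue_token("tokA")
    proxy.issue_token("tokB")
    print(proxy.open_session("tokA", 1000))        # 203.0.113.10
    print(proxy.open_session("tokB", 1005))        # 203.0.113.11
    proxy.close_session("tokA", 1100)
    print(proxy.handle_complaint("203.0.113.10", 1050))  # tokA revoked
    print(proxy.open_session("tokA", 1200))        # None: token now refused
```

Because the proxy records only (token, outgoing IP, time window), a complaint can be resolved without any per-user identifier reaching the target site, which is the privacy property the reply argues for; the cost is that the outgoing address pool bounds the number of concurrent sessions.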