[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: nym-0.2.1 released (live demo available)




Thanks for the additions! I knew about yes, but not about yes "". You'll be credited in the next changelog. If this thing actually catches on, I'll probably take you up on your kind offer to help with hosting and whatnot.


					-J

On Sun, 2 Oct 2005, Roger Dingledine wrote:

On Sun, Oct 02, 2005 at 02:14:38AM +0000, Jason Holt wrote:
I now have a live server available for those of you who want to play with a
"real" nym tokenserver/CA/webserver.  This process constitutes running
three scripts and installing the client cert.  Details in the README:

Hi Jason,

I just went through the client side of the demo. Nice.

In your README you mention a deb I need -- libcrypt-ssleay-perl.
Turned out I also needed libdigest-sha1-perl for Digest/SHA1.pm. (This
is on Sarge.)

In Firefox, adding a cert is "Edit | Preferences | Advanced |
Certificates" and then click on "ask every time" and then click on
"manage certificates" and click "import".

In the live demo list you say:
 "Real" installations will probably block tor exit nodes and open http
 proxies to enforce the one-token-per-IP rule.
My first response is that Tor servers will hand out at most one token each
anyway, so since they're self-limiting there's no point in special-casing
them.  But then I realized that since a lot of people will judge the
effectiveness of this design from its first five minutes of performance,
we probably do want to close all those holes right at the beginning.

I also wanted to make makecert.sh automatically hit enter at each
point. Having uniform responses is a security issue, after all. I just
hacked that together as
yes ""|./makecert.sh
but you could also work that into the script itself when it calls
openssl. In my ideal world, I guess the openssl command would have a
"hit enter to everything" command-line option.

Let me know if/when you want nym to become an official part of the
freehaven/tor sites. :) We can help with documentation and screenshots
and publicity, and maybe more if there's something you need.

Thanks,
--Roger