On Sun, Oct 02, 2005 at 02:14:38AM +0000, Jason Holt wrote:
I now have a live server available for those of you who want to play with a
"real" nym tokenserver/CA/webserver. This process constitutes running
three scripts and installing the client cert. Details in the README:
Hi Jason,
I just went through the client side of the demo. Nice.
In your README you mention a deb I need -- libcrypt-ssleay-perl.
Turned out I also needed libdigest-sha1-perl for Digest/SHA1.pm. (This
is on Sarge.)
In Firefox, adding a cert is "Edit | Preferences | Advanced |
Certificates" and then click on "ask every time" and then click on
"manage certificates" and click "import".
In the live demo list you say:
"Real" installations will probably block tor exit nodes and open http
proxies to enforce the one-token-per-IP rule.
My first response is that Tor servers will hand out at most one token each
anyway, so since they're self-limiting there's no point in special-casing
them. But then I realized that since a lot of people will judge the
effectiveness of this design from its first five minutes of performance,
we probably do want to close all those holes right at the beginning.
I also wanted to make makecert.sh automatically hit enter at each
point. Having uniform responses is a security issue, after all. I just
hacked that together as
yes ""|./makecert.sh
but you could also work that into the script itself when it calls
openssl. In my ideal world, I guess the openssl command would have a
"hit enter to everything" command-line option.
Let me know if/when you want nym to become an official part of the
freehaven/tor sites. :) We can help with documentation and screenshots
and publicity, and maybe more if there's something you need.
Thanks,
--Roger