Pondering the whole public-key integrity and man-in-the-middle attack problem, a thought occurred to me: it should be possible to devise a peer-based system similar to Freenet for the distribution of public-key data in an attack-resistant manner.

Essentially, such a system could use encrypted links between each peer in the system, where the shared secret for each link is initially exchanged using public-key crypto. To prevent the attack being shifted to the replacement of the public keys of the nodes, the public key of the first node any new node connects to could be transferred over a trusted channel, or the fingerprint of the key could be confirmed. Once the first few trustworthy keys are established, the link can then be used to transfer the public keys of other nodes in the network the client wishes to connect to, and the network can then be used to request any public key that has been placed on the network (perhaps indexed by email address, so plugins could be made for major mail clients to securely retrieve the public key of any person you wish to send data to).

Each client in the network can store, along with the key itself, data on the trustworthiness of that public key, based on what sources it was obtained from, and whenever a key is requested, the trustworthiness value depends on how many channels the key was received on, and the trustworthiness value of each. This system could be refined further to give an accurate idea of how trustworthy a given key is. Since the keys are delivered over multiple different links through the network, and the actual links are encrypted (with the links directly or indirectly verified over a secure channel such as a telephone conversation or physical meeting), replacing or corrupting a key would require that at least one node on every path from datastore to requester be malicious, a feat that, in any reasonably sized and well-connected network, should be next to impossible.

Naturally, interfering would be easier, as any malicious node could return a key of its own, but this is certain to be detected since multiple different keys would be returned for a request. I realise this system will not give perfect trustworthiness, but I think it could be a massive improvement on systems such as HTTP requests to retrieve public keys.

Questions, comments? Does anyone see this as a practical or desirable scheme? Does anyone see obvious flaws or reasons this would not work?
Thanks,
Nick Johnson

--Crossposted to sci.crypt and the freenet-tech mailing list--

_______________________________________________
freenet-tech mailing list
[EMAIL PROTECTED]
http://lists.freenetproject.org/mailman/listinfo/tech
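The multi-path lookup and trust aggregation the post describes, as an added simulation that is not part of the original message or of Freenet's code. The network topology, the link trust values, the node names and the key strings are all constructed for the example; the scoring rule (a path's trust is the product of its link trusts, and independent paths that agree on a key are combined as 1 - prod(1 - path_trust)) is one possible refinement of the post's "depends on how many channels and the trustworthiness of each", chosen here for illustration. It shows the three situations the post reasons about: all relays honest, one malicious relay that is caught because two different keys come back, and colluding relays sitting on every path, which is the only case where the substitution goes undetected.

```python
"""Simulate public-key retrieval over every loop-free path of a peer network,
with per-link trust values and detection of conflicting answers.
All names, keys and trust values below are constructed for this example."""

# Constructed undirected peer network: node -> set of neighbours.
TOPOLOGY = {
    "alice": {"bob", "carol"},
    "bob": {"alice", "dave"},
    "carol": {"alice", "dave", "erin"},
    "dave": {"bob", "carol", "frank"},
    "erin": {"carol", "frank"},
    "frank": {"dave", "erin"},
}

# Constructed per-link trust: how well each side verified the other's key
# (1.0 = fingerprint confirmed out of band, lower = learned via the network).
LINK_TRUST = {
    ("alice", "bob"): 1.0, ("alice", "carol"): 0.9,
    ("bob", "dave"): 0.8, ("carol", "dave"): 0.8, ("carol", "erin"): 0.7,
    ("dave", "frank"): 0.9, ("erin", "frank"): 0.6,
}

REAL_KEY = "FRANK-REAL-KEY"   # constructed: the key frank actually published
FAKE_KEY = "FAKE-KEY"         # constructed: what colluding malicious relays return


def link_trust(a, b):
    """Trust in the encrypted link between a and b (symmetric lookup)."""
    return LINK_TRUST.get((a, b), LINK_TRUST.get((b, a), 0.0))


def simple_paths(topology, src, dst):
    """Enumerate all loop-free paths from src to dst by depth-first search."""
    found = []

    def walk(node, path):
        if node == dst:
            found.append(list(path))
            return
        for nxt in sorted(topology[node]):
            if nxt not in path:
                path.append(nxt)
                walk(nxt, path)
                path.pop()

    walk(src, [src])
    return found


def fetch_over_path(path, true_key, malicious):
    """Key observed by the requester at the end of one path. Any malicious relay
    on the path (the requester itself excluded) substitutes FAKE_KEY; the
    attackers are assumed to collude and all return the same fake key."""
    return FAKE_KEY if any(n in malicious for n in path[1:]) else true_key


def request_key(topology, requester, holder, true_key, malicious=frozenset()):
    """Query every path to the holder and score each distinct key returned.

    path_trust = product of the link trusts along the path.
    score(key) = 1 - prod(1 - path_trust) over the paths that returned that key,
    so agreement over more independent channels raises the score.
    A conflict is flagged whenever more than one distinct key comes back.
    """
    paths = simple_paths(topology, requester, holder)
    miss = {}  # key -> running product of (1 - path_trust)
    for path in paths:
        trust = 1.0
        for a, b in zip(path, path[1:]):
            trust *= link_trust(a, b)
        key = fetch_over_path(path, true_key, malicious)
        miss[key] = miss.get(key, 1.0) * (1.0 - trust)
    scores = {key: 1.0 - m for key, m in miss.items()}
    return {"paths": len(paths), "scores": scores, "conflict": len(scores) > 1}


if __name__ == "__main__":
    for bad in (frozenset(), {"dave"}, {"dave", "erin"}):
        label = ",".join(sorted(bad)) or "none"
        print(f"malicious={label}:", request_key(TOPOLOGY, "alice", "frank", REAL_KEY, bad))
```

With all relays honest, alice finds four paths to frank and every one returns the real key, giving a combined score of about 0.955. With dave alone malicious, the three paths through dave return the fake key while the carol-erin path still returns the real one, so the request comes back with two distinct keys and the conflict flag is set (note that the fake key actually has the higher score, which is why the conflict flag, not the score, is the signal that matters). Only when dave and erin collude, together covering every path from frank to alice, does a single fake key come back with no conflict, which is exactly the "at least one malicious node on every path" condition from the post.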
