help-gnunet

Re: Are names unique in EGO?


From: Christian Grothoff
Subject: Re: Are names unique in EGO?
Date: Sun, 19 Apr 2020 21:16:06 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0

Hi!

Ego names are _locally_ unique for the individual user, not _globally_
within GNUnet. Not sure which kind of 'unique' you were asking about.

What you propose seems to be a migration path from GnuPG to GNS. In this
context, I would suggest you should try to find out what pEp is doing:
they have their own (way more complex) key management for e-mail
encryption, and they are _also_ starting to integrate GNS with pEp.
However, I don't know how/where/for what exactly they are integrating
GNS with pEp. Still, it would likely be a good idea to talk to them, and
to maybe look at Sequoia (https://sequoia-pgp.org/).

Happy hacking!

Christian

On 4/18/20 10:25 PM, TheJackiMonster wrote:
> Hey,
> 
> I would like to add authentication and encryption to a chat-client with
> CADET. If I understood the docs correctly then the messages are only
> signed by the key from a peer.
> 
> I thought I could use EGO for that but I'm not sure if the names get
> checked for doubles before creation of an ego. I would guess they
> aren't and if they weren't I would ask how some of you would think
> about this procedure:
> 
>  1. Alice asks Bob for his public-PGP-key and his public-EGO-key. 
>  2. Bob responds with his key.
>  3. Alice sends her public-PGP-key and related email-address of her
> PGP-keypair, encrypted with Bob's public-PGP-key.
>  4. Bob sends a mail encrypted with Alice's public-PGP-key and signed
> with his private-PGP-key. The content of the mail is a token only Alice
> can read.
>  5. Alice sends the token (only if it was Bob's signature) to Bob and
> her public-EGO-key, encrypted with Bob's public-EGO-key.
>  6. Bob sends (only if the token matches) a symmetric key back for
> further communication, encrypted with Alice's public-EGO-key and
> remembers Alice-EGO-key matching to her email-address.
> 
>  * So in later stages Alice would not need any email-traffic for
> verification her key belongs to her and she could use an EGO-key which
> could be deleted much safer to make sure of forward-secrecy.
> 
> Maybe this is unnecessary or I miss a flaw in this model. So a response
> would be great then I could start implementing a solution.
> 
> Best regards,
> Tobias Frisch
> 
> PS: I would probably use GPGMe to implement the custom procedure
> because it has a pretty good API like GNUnet.
> 
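
Bob's side of steps 4 to 6 of the quoted proposal, as an added example that is not code from the thread, GNUnet or GPGME. The class name, the token lifetime and the single-use rule are assumptions; PGP and EGO encryption are assumed to happen elsewhere, and the EGO public key is treated as an opaque string.

```python
import hmac
import secrets
import time

TOKEN_TTL = 600  # seconds; assumed lifetime, the proposal does not give one


class BobVerifier:
    """Issues one token per e-mail address and binds the EGO key that returns it."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}  # email -> (token, expiry)
        self.bindings = {}  # EGO public key -> email

    def issue_token(self, email):
        # Step 4: the token Bob mails, encrypted to Alice's PGP key.
        token = secrets.token_hex(16)
        self._pending[email] = (token, self._now() + TOKEN_TTL)
        return token

    def redeem(self, email, token, ego_pubkey):
        # Steps 5-6: accept only a fresh, matching, unused token.
        # pop() makes every token single use, including after a failed attempt.
        entry = self._pending.pop(email, None)
        if entry is None:
            return False
        expected, expiry = entry
        if self._now() > expiry:
            return False
        if not hmac.compare_digest(expected.encode(), str(token).encode()):
            return False
        # Bind the key itself, not the ego name: names are only locally unique.
        if self.bindings.get(ego_pubkey, email) != email:
            return False  # this key is already bound to another address
        self.bindings[ego_pubkey] = email
        return True


def demo():
    clock = [1000.0]  # constructed clock so expiry can be shown offline
    bob = BobVerifier(now=lambda: clock[0])
    key = "EGO-PUB-ALICE"  # constructed placeholder, not a real key
    token = bob.issue_token("alice@example.org")
    accepted = bob.redeem("alice@example.org", token, key)
    replayed = bob.redeem("alice@example.org", token, key)
    late = bob.issue_token("alice@example.org")
    clock[0] += TOKEN_TTL + 1
    expired = bob.redeem("alice@example.org", late, key)
    return accepted, replayed, expired, dict(bob.bindings)
```

Discarding the pending token on a failed attempt limits guessing to one try per mail, at the cost that Bob has to send a new mail after any mismatch.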


