This is a discussion on Re: Web-of-trust authentication in OpenSSL. - Openssl
Dr Bob wrote:
>Dear OpenSSL developers,
>I've been developing a private peer-to-peer application based on OpenSSL
>(Thank you, to all the developers who have put time into OpenSSL)
>Initially I used X509 certificates for the authentication between
>peers. However, I quickly realised that a hierarchical certificate
>structure was not ideal, and that a Web of Trust system
>would be required.
>So I've implemented a web-of-trust style authentication system
>inside OpenSSL. It is basically a combination of OpenPGP style
>certificates and SSL3/TLS1 connection.
>After 6+ months of work, I've finished the first working prototype,
>and would like to share it with the OpenSSL developers of the
>world (and contribute back). Hence this email!
>(1) Is OpenSSL interested in including this work into the
> code base (provided it's up-to-scratch etc...) ?
>(2) If so, is there anyone who could [guide/help] me to clean it up
> and correctly merge the code?
>(3) What are the procedures for doing so (I'm new around here)
>I haven't put the code on the website yet (soon... there is never
>enough time to get everything done), but you can see it at work
>in my application: RetroShare available at http://www.lunamutt.com.
>Looking forward to any comments.
>More information about the implementation follows.
>The work was done on openssl-0.9.7g, and consisted of the following:
>(a) define an ASN1 web-of-trust certificate (an XPGP Certificate) +
>implement helper functions.
>(b) create a XPGP_method() derived from the ssl3 methods.
> This effectively uses the XPGP certificate instead of the X509
>certificate. (all the rest is the same)
>(c) create a web-of-trust authentication system.
>Most of the implementation fits in nicely with the rest of OpenSSL.
>The most significant issues are:
>(1) the SSL part of OpenSSL does not allow alternative certificate types, I
> therefore transformed "CERT" into a union. (I'm all ears for
>(2) The Authentication System is currently rather crude and inefficient,
> not connected to the STOREs in any way. (probably needs a redesign)
>(3) The Certificate Definition needs to be checked. (would like to make
>it compatible with GPG/OpenPGP etc)
>OpenSSL Project http://www.openssl.org
>Development Mailing List firstname.lastname@example.org
>Automated List Manager email@example.com
Dear Dr Bob,
I installed RetroShare on Windows.
Some questions:
What's the GUI library name?
Why does RetroShare use a self-signed PGP certificate?
How can I find more people using this software?
Sharif SecureWare Co.