Dr Bob wrote:

>Dear OpenSSL developers,
>
>I've been developing a private peer-to-peer application based on OpenSSL
>(Thank you, to all the developers who have put time into OpenSSL)
>
>Initially I used X509 certificates for the authentication between
>peers. However, I quickly realised that a hierarchical certificate
>structure was not ideal, and that a Web of Trust system
>would be required.
>
>So I've implemented a web-of-trust style authentication system
>inside OpenSSL. It is basically a combination of OpenPGP style
>certificates and SSL3/TLS1 connections.
>
>After 6+ months of work, I've finished the first working prototype,
>and would like to share it with the OpenSSL developers of the
>world (and contribute back). Hence this email!
>
>So:
>(1) Is OpenSSL interested in including this work into the
> code base (provided it's up-to-scratch etc...)?
>(2) If so, is there anyone who could [guide/help] me to clean it up
> and correctly merge the code?
>(3) What are the procedures for doing so (I'm new around here)
>
>I haven't put the code on the website yet (soon... there is never
>enough time to get everything done), but you can see it at work
>in my application: RetroShare, available at http://www.lunamutt.com.
>
>Looking forward to any comments.
>
>Thanks.
>
>Mark.
>
>
>-----------------------------------------------------------------------------------------------
>More information about the implementation follows.
>
>The work was done on openssl-0.9.7g, and consisted of the following
>modifications:
>(a) define an ASN1 web-of-trust certificate (an XPGP Certificate) +
> implement helper functions.
>(b) create an XPGP_method() derived from the ssl3 methods.
> This effectively uses the XPGP certificate instead of the X509
> certificate. (all the rest is the same)
>(c) create a web-of-trust authentication system.
>
>Most of the implementation fits in nicely with the rest of OpenSSL.
>The most significant issues are:
>(1) the SSL part of OpenSSL does not allow alternative certificate types; I
> therefore transformed "CERT" into a union. (I'm all ears for
> alternatives)
>(2) The Authentication System is currently rather crude and inefficient,
> and is not connected to the STOREs in any way. (probably needs a redesign)
>(3) the Certificate Definition needs to be checked. (would like to make
> it compatible with GPG/OpenPGP etc)
>
>
>
>__________________________________________________ ____________________
>OpenSSL Project http://www.openssl.org
>Development Mailing List openssl-dev@openssl.org
>Automated List Manager majordomo@openssl.org
>
>


Dear Dr Bob,

I installed RetroShare on Windows.
Some questions:
What's the GUI library name?
Why does RetroShare use a self-signed PGP certificate?
How can I find more people using this software?

Regards

______________________
Shahin Khorasani
PKI Dept.
Sharif SecureWare Co.
www.parssign.com
______________________

