/github subscribe snowblossomcoin/channels
this ssl thing is kicking my ass
urge to rewrite my own TLS rising
isn't like I haven't done it before
i’ll leave you an emotional support scarecrow: bytewise
I think I got it (kinda)
* EC ssl doesn't work, not sure why
* for some reason, I need some strange library to do SSL at all
* the trust manager is impossible to actually override to meet my needs (but I have a work around)
* I can do wildcard hostnames (good, since I'll be passing in explicit certs to trust for each connection)
Doesn't seem to work with connecting via IP though, which will be the common use case
wouldn't be a problem if I could write my own cert validator that checks for what I expect
I'm trying to make a system where when peers gossip they always share remote_host + public key so when a client goes to connect to that peer they know what key the cert should already be signed with
but that requires making my own certificate validator
which is one of those things where I can almost do it, I can pass in a new TrustManagerFactory that can vend TrustManagers that do what I need
except, I can't. There is only one concrete implementation of TrustManagerFactory and I can't override the method I need. Actually, maybe it is just vending a protected list that I can modify...time to RTFC on that
oh silly me, I needed to make the trust manager factory with a custom TrustManagerFactorySpi, which I can define
you're sorta talking of rolling your own PKI trust store autoinclusion mechanism?
what if the first thing broadcast for a host is a malicious pubkey?
yeah, certificate authorities are bullshit
and unlike the web browsing case, there isn't really a trust relationship being built
a node doesn't trust another node for anything, it is just a way to ensure that a node is securely reaching the node it intends to in a difficult to monitor way
if someone wants to make a node that broadcasts a bunch of things to try to get people to send traffic through it in order to gather information, that is fine
I mean, I can't prevent that
If you want to mitm it, you'll have to get all up in the protocol and start broadcasting your own stuff for nodes and keys that you do control
i have no idea as to what you are doing, i'm just pointing out something on which i spotted a pattern i've seen before
@Fireduck I happen to be working on my own self signed CA with selective OCSP stapling.
indeed a pain
The short version, is I am making a social content distribution system and I want to make it so for an ISP to figure out what their users were interested in would be very hard
TLS seems way more complex than it needs to be, but I don't understand enough of what it can do to make such wide statements
Diffie-Hellman, xor in either blocks or streams with chosen parameters with known drawbacks
@Fireduck perhaps each "channel" can act as its own CA, and moderators and users can be enabled by signing their certs/crls
or did they actually reinvent the wheel for tls 1.3? have not followed up
@Clueless that is an interesting idea for a closed or limited access channel
but if I go that route, I'll have signed protobuf messages and not involve x509 bullshit
only touching x509 and normal certs to get the secure communication between nodes setup
x509 would enable easier enterprise integration, but public key stuff should be fine
enterprise integration implies there is some enterprise that actually knows wtf to do with x509 :wink:
I'm definitely thinking an organization might typically own one or multiple channels
sure
so perhaps an organization can stake itself on the blockchain, and then act as the CA for channels
indeed, most cert revocations i've seen have been signing key trust deprecations
I'm just kinda bouncing ideas off the wall without knowing what you're actually working on
Don't really need a CA. The basic peer to peer setup will be a node comes up with its own keypair, broadcasts its connect information (IPs, hostname, port, public key), and signs that
not entirely clear on what that gets me, I am just trying to reduce surface area for intermediate nodes to screw with things
nodes can of course select to not propagate data but they can't tamper without breaking signatures
Anyways, just trying to make it hard for people to figure out what a particular node is interested in for privacy reasons
it won't be impossible, but I'm trying to make it so to find out you'll have to connect to the node and ask it about every possible channel
which we can add throttling/DoS protections to