[ULS-SIG] Encryption and identity

Duncan McGreggor duncan.mcgreggor at gmail.com
Sun Jul 10 21:20:15 CEST 2011

On Sun, Jul 10, 2011 at 11:48 AM, Duncan McGreggor
<duncan.mcgreggor at gmail.com> wrote:
> On Sat, Jul 9, 2011 at 10:07 PM, Duncan McGreggor
> <duncan.mcgreggor at gmail.com> wrote:
>> On Sat, Jul 9, 2011 at 6:51 PM, Duncan McGreggor
>> <duncan.mcgreggor at gmail.com> wrote:
>>> Zooko and Brian,
>>> You guys are the first two people I think of when I start thinking
>>> about good security in Python code :-)
>>> I'm doing some experimentation with some of the concepts that underly
>>> ultra large-scale systems... in particular, I'm exploring "governance"
>>> of nodes in an abstract network/mesh. I'm preparing to implement some
>>> voting procedures whereby nodes in a network can elect a leader node
>>> to act as a proxy between the other nodes and a larger network
>>> (limiting flooding, providing dynamic routing, etc.).
>>> This quickly led to concerns of rogue nodes, "stuffed ballot boxes",
>>> etc. The first experiments are toy: taking place in a single Python
>>> process. What mechanisms would you suggest I use to ensure that only
>>> known nodes are allowed to vote? My first thought was public/private
>>> keys generated by the nodes. Similarly, for encrypting data between
>>> nodes.
>>> I'd like to have the implementation be as light-weight as possible...
>>> eventually, this is the sort of thing that could go into masses of
>>> tiny devices, e.g., health and environment monitoring nodes in a
>>> hospital, carried on internal ventilation currents, attached to
>>> walls/clothing/etc, adhered to patients, etc.
>>> Are there good papers you would recommend reading? Blog posts? Source code?
>>> Thanks!
>>> d
>> A couple years ago, Alex Martelli recommended using pycrypto:
>>  http://stackoverflow.com/questions/1137874/recommended-python-cryptographic-module/1138183#1138183
>> I'm checking out the latest here:
>>  https://github.com/dlitz/pycrypto
>> From the README:
>> """
>> Another application is in writing daemons and
>> servers.  Clients and servers can encrypt the data being exchanged and
>> mutually authenticate themselves; daemons can encrypt private data for
>> added security.  Python also provides a pleasant framework for
>> prototyping and experimentation with cryptographic algorithms; thanks
>> to its arbitrary-length integers, public key algorithms are easily
>> implemented.
>> """
>> Thoughts anyone?
>> d
> Poking around some more, and just found this fantastic blog post:
>  http://www.laurentluce.com/posts/python-and-cryptography-with-pycrypto/
> Nicely done...
> d

Based on the blog post above and source code found here:

I've done the following:
 * Added three new security-oriented patterns to the experimentation
google doc ( Patterns 10-12)
 * Started work on a basic security implementation for nodes (pushed
to the repo, but prototype-level only)

For the SPKI, I've been looking at these documents:
 * "Establishing Identity Without Certification Authorities" -
 * "SPKI Requirements" - http://tools.ietf.org/html/rfc2692
 * "SPKI Certificate Theory" - http://tools.ietf.org/html/rfc2693

Although I can test the basic encryption setup I've got in place right
now, it will be more meaningful with an SPKI in place, so I'll spend
some time seeing if I can prototype one.


More information about the ULS-SIG mailing list