From: Sean R. <sra...@bl...> - 2004-07-06 23:24:58
Hi,

Was just doing my 'routine' prowl of projects on sf.net and came across JIM and thought... I wonder if these guys have looked at SPKI, and about utilising that in JIM...

In case you did not know, SPKI stands for Simple Public Key Infrastructure and is a fully distributed public key infrastructure (similar but more powerful than PGP) of which there is an active project on sf.net (http://jsdsi.sf.net/) that has good input from the SPKI designer (who has recently been snapped up by Microsoft...). (I'm a jsdsi developer by the way)

I'm happy and keen to talk, and interested how jxta supports trust.

Regards,

Sean

--
Dr. Sean Radford, MBBS, MSc
sra...@bl...
http://bladesys.demon.co.uk/
From: Alexander S. <as...@jw...> - 2004-07-07 00:27:18
Hi,

>I'm happy and keen to talk, and interested how jxta supports trust.

We are currently supporting point to point integrity and privacy leveraging public private key mechanisms, but have not yet come to decide on which trust model we can put this to ensure complete trustable p2p for our IM. I currently cannot tell how the jxta base system suggests this to be solved, but AFAIK jxta at the current state does not ship with a complete PKI.

For our jxta based messenger, some kind of community based trust - like known from pgp - seems to be reasonable. But as I mentioned we have not yet been working on adding trust, so this chapter is a completely unresolved issue at the moment. All help and ideas on improving this are welcome.

In order to figure out how to add some kind of PKI infrastructure to the jxta network (especially the groups of our IM) I need to know some details on your PKI technology. What kind of database (keystore) do you rely upon to establish trust? Do you access a central database with public keys and certificates or is it kept adaptable in some way, so an application developer can decide where and how to get certain certificates to establish trust? I am curious about this, because at best we would find a solution to use jxta means to store the data of the trust database and thus I think it's likely that lookup mechanisms, etc. included in the current SPKI implementation (if any) will not work out of the box for jxta-only/jsdsi.

What do you think?

>Regards,
>
>Sean

Cheers,

Alexander

p.s. sorry I had no time to read your website in detail yet - I will look into it ASAP

--
 GPG messages preferred.    |  .''`.  ** Debian GNU/Linux **
 Alexander Sack             | : :' :      The  universal
 as...@jw...                | `. `'      Operating System
 http://www.jwsdot.com/     |   `-    http://www.debian.org/
From: Sean R. <sra...@bl...> - 2004-07-07 17:43:26
On Wed, 2004-07-07 at 01:27, Alexander Sack wrote:
> Hi,
>
> >I'm happy and keen to talk, and interested how jxta supports trust.
>
> We are currently supporting point to point integrity and privacy
> leveraging public private key mechanisms, but have not yet come to
> decide on which trust model we can put this to ensure complete
> trustable p2p for our IM. I currently cannot tell how the jxta base
> system suggests this to be solved, but AFAIK jxta at the current state
> does not ship with a complete PKI.

I read on the JXTA site about Poblano - the distributed trust network envisaged for JXTA. This does not limit which PKI to use (they talk about X.509 and PGP).

> For our jxta based messenger, some kind of community based trust - like
> known from pgp - seems to be reasonable. But as I mentioned we have not
> yet been working on adding trust, so this chapter is a completely
> unresolved issue at the moment. All help and ideas on improving this
> are welcome.

SPKI can work virtually identically to PGP. On the other hand it can work just like X.509! One difference to them both is its integral authorisation capability.

> In order to figure out how to add some kind of PKI infrastructure to the
> jxta network (especially the groups of our IM) I need to know some
> details on your PKI technology. What kind of database (keystore) do you
> rely upon to establish trust? Do you access a central database with
> public keys and certificates or is it kept adaptable in some way, so an
> application developer can decide where and how to get certain
> certificates to establish trust?
> I am curious about this, because at best we would find a solution to use
> jxta means to store the data of the trust database and thus I think it's
> likely that lookup mechanisms, etc. included in the current SPKI
> implementation (if any) will not work out of the box for
> jxta-only/jsdsi.

jsdsi is still an early product (like JIM) and does not (and will not) limit its use to one model. Both a centralised or totally distributed certificate store model will be catered for. Currently we have an in-memory store (mainly for testing), an LDAP store and a prototype jdbc store. Creating a 'java keystore' approach will be trivial (jsdsi JCE enabled, with its own Provider etc.)

> What do you think?

I think I should approach the JXTA group and make sure they are aware of SPKI. I also think that all the jsdsi users/developers (and people in the SPKI world) would love the idea of a SPKI enabled IM.

I'll try to get time to read more about JXTA over the next few days.

Thanks,

Sean

> >Regards,
> >
> >Sean
>
> Cheers,
>
> Alexander
>
> p.s. sorry I had no time to read your website in detail yet - I will
> look into it ASAP

--
Dr. Sean Radford, MBBS, MSc
sra...@bl...
http://bladesys.demon.co.uk/