From: Sean R. <sra...@bl...> - 2004-07-07 17:43:26
On Wed, 2004-07-07 at 01:27, Alexander Sack wrote:
> Hi,
>
> >I'm happy and keen to talk, and interested how jxta supports trust.
> >
>
> We are currently supporting point to point integrity and privacy
> leveraging public private key
> mechanisms, but have not yet come to decide on which trust model we can
> put this to ensure
> complete trustable p2p for our IM. I currently cannot tell how the jxta
> base system suggests this
> to be solved, but AFAIK jxta at the current state does not ship with a
> complete PKI.
>

I read on the JXTA site about Poblano - the distributed trust network envisaged for JXTA. This does not limit which PKI to use (they talk about X.509 and PGP).

> For our jxta based messenger, some kind of community based trust - like
> known from pgp - seems to be
> reasonable. But as I mentioned we have not yet been working on adding
> trust, so this chapter is a completely unresolved issue at the moment.
> All help and ideas on improving this are welcome.
>

SPKI can work virtually identically to PGP. On the other hand it can work just like X.509! One difference to them both is its integral authorisation capability.

> In order to figure out how to add some kind of PKI infrastructure to the
> jxta network (especially
> the groups of our IM) I need to know some details on your PKI
> technology. What kind
> of database (keystore) do you rely upon to establish trust? Do you
> access a central database with public keys and certificates or is it
> kept adaptable in some way, so an application developer can decide where
> and how to get certain certificates to establish trust?
> I am curious about this, because at best we would find a solution to use
> jxta means
> to store the data of the trust database and thus I think it's likely that
> lookup mechanisms,
> etc. included in the current SPKI implementation (if any) will not work
> out of the box for
> jxta-only/jsdsi.
>

jsdsi is still an early product (like JIM) and does not (and will not) limit its use to one model. Both a centralised or totally distributed certificate store model will be catered for. Currently we have an in-memory store (mainly for testing), an LDAP store and a prototype jdbc store. Creating a 'java keystore' approach will be trivial (jsdsi JCE enabled, with its own Provider etc.)

> What do you think?
>

I think I should approach the JXTA group and make sure they are aware of SPKI. I also think that all the jsdsi users/developers (and people in the SPKI world) would love the idea of a SPKI enabled IM. I'll try to get time to read more about JXTA over the next few days.

Thanks,

Sean

> >Regards,
> >
> >Sean
> >
>
> Cheers,
>
> Alexander
>
> p.s. sorry I had no time to read your website in detail yet - I will
> look into it ASAP

--
Dr. Sean Radford, MBBS, MSc
sra...@bl...
http://bladesys.demon.co.uk/