Pseudonymity for tor: nym-0.1 (fwd)
Jason Holt
jason at lunkwill.org
Wed Sep 28 21:51:32 EDT 2005
---------- Forwarded message ----------
Date: Thu, 29 Sep 2005 01:49:26 +0000 (UTC)
From: Jason Holt <jason at lunkwill.org>
To: or-talk at seul.org
Subject: Pseudonymity for tor: nym-0.1
Per the recent discussion regarding tor and wikipedia, I've hacked together an
implementation of the basic system from Chaum, Fiat and Naor's 1990
"Untraceable Electronic Cash" paper. This system allows CAs to blindly issue
tokens (or "coins") which can then be "spent" elsewhere. It runs in perl, and
comprises a CA, nym-maker, client application and auth checker (for the
server).
The tarball is here:
http://www.lunkwill.org/src/nym/
Of course, it's useless at the moment since it gives out tokens
indiscriminately (and probably has massive bugs), but if anyone actually cares
about this idea, it will be (more or less) easy to do the following:
* Put up a sample CA and server that people can use (potentially as hidden
services).
* Make the CA issue only one token per email address, or one token per IP
address, one per computational puzzle, one for every $20 mailed in...
* Automatically expire CA keys and generate new ones on a regular basis (rather
than bothering with CRLs)
* Instead of randomly generated tokens, have the CA sign an actual X.509 cert
request, which will then become a perfectly valid X.509 cert useful as a
client-side cert in unmodified browsers and web servers
* Create some sort of aid for maintaining server-side (or CA) blacklists of
improperly behaving users
* Check to see if the protocol is actually still secure and properly
implemented.
Comments welcome.
-J
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list