[Go-essp-tech] Question on P2P and signing of registry docs

philip.kershaw at stfc.ac.uk
Thu Jun 2 03:18:31 MDT 2011


Hi Gavin,

>    Indeed this was on my mind as well... You are correct, signing is
>    important and should be done.  We can start looking into the
>    mechanics of setting up XMLSec as you suggested.  With respect to
>    security, can we already use the certificate and key present on the
>    node (indeed, I think we should be able to)?

Yes, that would be the natural thing to do.

>I didn't look at XMLSec; I was briefly looking at installing GPG's
>    library, or a Java crypto library implementation, to sign all
>    payloads using the node's cert/key.

XMLSec is a standard rather than a library.  It covers more than just
signing algorithms: it encompasses not only the signature itself but also
the translation of XML into a canonical form, so that documents are suited
to byte-for-byte comparison in a signature verification process.

>But it begs the question...
>    
>    Question: why isn't SSL enough?  With an SSL connection don't you
>    get authentication for "free", which is all we need?  If we trust who
>    it is coming from, can't we thus trust the information?

Yes, SSL is sufficient in many cases.  Stepping back a couple of years,
when determining the security architecture, we deliberately avoided cases
where signature would be needed to keep things simple.

However, this p2p scenario inevitably brings into play the need for
digital signature.  The key issue is that when I pass a registry document
to another peer, I assert information about myself but also information
about other peers too.

So, we all trust each other, so what's the problem?  Imagine a node is
compromised and then look at the consequences.

1) Without signature: with the compromised cert I can modify my own
registry doc, but I can also assert any rubbish I like about anyone else's.
2) With signature: I can modify my own registry entry, but much as I might
want to, I can't modify anything about anyone else's because they're all
signed.

Cheers,
Phil
>
>    
>    On 6/1/11 5:07 AM, philip.kershaw at stfc.ac.uk wrote:
>    
>      Hi Gavin,
>
>I wanted to be on the call yesterday but unfortunately I've been away at
>another meeting.  Hello from Pisa :)
>
>One thing I wanted to raise in the context of the P2P architecture was the
>registry interface, and the need to digitally sign registry documents.
>This is something that we talked about at the ESGF meeting in Asheville.
>To restate the problem, any peer can pass to another peer a registry
>document containing registry information for itself and for other peers
>that it has communicated with.  Have I got that right?
>
>The recipient of such a document might accept the registry information
>about the sender but how can it verify the registry information contained
>in the document that comes from other peers?  The only way to do this is
>for each peer to digitally sign its registry information.  That way, on
>receipt of such information, a peer can verify that all the information
>has come from the expected sources and has not been tampered with.  This
>is a must for a production system.  It would be a straightforward change
>to add XMLSec code to sign content.
>
>Cheers,
>Phil
>
>On 31/05/2011 16:01, "Cinquini, Luca (3880)" <Luca.Cinquini at jpl.nasa.gov>
>wrote:
>
>Hi all,
>here's the agenda for today's conf call:
>http://www.esgf.org/wiki/EsgfCmip5Meetings
>
>And some background documentation on the p2p Node system:
>
>http://www.esgf.org/wiki/ESGF_Index
>
>thanks, Luca
>_______________________________________________
>GO-ESSP-TECH mailing list
>GO-ESSP-TECH at ucar.edu
>http://mailman.ucar.edu/mailman/listinfo/go-essp-tech
>
>    -- 
>Gavin M. Bell
>Lawrence Livermore National Labs
>--
>
> "Never mistake a clear view for a short distance."
>       	       -Paul Saffo
>
>(GPG Key - http://rainbow.llnl.gov/dist/keys/gavin.asc)
>
> A796 CE39 9C31 68A4 52A7  1F6B 66B7 B250 21D5 6D3E
>
>  
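The thought experiment above (a compromised node passing on a registry document that carries entries about other peers), worked through as an added example. This is not code from the thread or from the ESGF node software, and it is written in Go rather than Java: ECDSA P-256 keys stand in for the node X.509 certificates, and a sorted-key, whitespace-free JSON form stands in for XML canonicalization. The peer names (node-a, node-b, node-c), endpoints and record fields are constructed for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Entry is one peer's registry record. The fields are constructed; the
// real ESGF registry schema is not reproduced here.
type Entry struct {
	PeerID   string `json:"peer_id"`
	Endpoint string `json:"endpoint"`
	Version  string `json:"version"`
}

// SignedEntry is the record exactly as its origin serialised it, who
// signed it, and the signature over the record's canonical form.
type SignedEntry struct {
	Signer string          `json:"signer"`
	Entry  json.RawMessage `json:"entry"`
	Sig    []byte          `json:"sig"`
}

// Canonicalize stands in for XML canonicalization (C14N): key order and
// whitespace are normalised so that every serialisation of the same
// record hashes to the same bytes. Values are restricted to strings.
func Canonicalize(raw []byte) ([]byte, error) {
	var m map[string]string
	if err := json.Unmarshal(raw, &m); err != nil {
		return nil, err
	}
	return json.Marshal(m) // encoding/json sorts map keys, no whitespace
}

// Sign is what a peer does with its own node key before publishing.
func Sign(key *ecdsa.PrivateKey, e Entry) (SignedEntry, error) {
	raw, _ := json.Marshal(e) // a struct of plain strings always marshals
	c, err := Canonicalize(raw)
	if err != nil {
		return SignedEntry{}, err
	}
	h := sha256.Sum256(c)
	sig, err := ecdsa.SignASN1(rand.Reader, key, h[:])
	if err != nil {
		return SignedEntry{}, err
	}
	return SignedEntry{Signer: e.PeerID, Entry: raw, Sig: sig}, nil
}

// Verify checks one entry against the trust store (standing in for the
// peers' node certificates). Two checks: the signature must verify under
// the claimed signer's key, and the record must describe that same peer,
// or a compromised node could sign a record about peer B with its own key.
func Verify(trust map[string]*ecdsa.PublicKey, se SignedEntry) bool {
	pub, ok := trust[se.Signer]
	if !ok {
		return false
	}
	var e Entry
	if json.Unmarshal(se.Entry, &e) != nil || e.PeerID != se.Signer {
		return false
	}
	c, err := Canonicalize(se.Entry)
	if err != nil {
		return false
	}
	h := sha256.Sum256(c)
	return ecdsa.VerifyASN1(pub, h[:], se.Sig)
}

// Scenario reproduces the thread's thought experiment with three peers,
// node-c compromised. node-c forwards node-a's entry re-serialised (other
// key order and spacing), node-b's entry with a rewritten endpoint, and
// its own entry. Each entry is judged on its own. All data is constructed.
func Scenario() (map[string]bool, error) {
	trust := map[string]*ecdsa.PublicKey{}
	doc := map[string]SignedEntry{}
	for _, id := range []string{"node-a", "node-b", "node-c"} {
		key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return nil, err
		}
		trust[id] = &key.PublicKey
		se, err := Sign(key, Entry{PeerID: id, Endpoint: "https://" + id + ".example.org/esg", Version: "1.0"})
		if err != nil {
			return nil, err
		}
		doc[id] = se
	}
	a, b := doc["node-a"], doc["node-b"]
	a.Entry = json.RawMessage(`{ "version": "1.0", "peer_id": "node-a", "endpoint": "https://node-a.example.org/esg" }`)
	b.Entry = json.RawMessage(`{"peer_id":"node-b","endpoint":"https://evil.example.net/esg","version":"1.0"}`)
	doc["node-a"], doc["node-b"] = a, b

	result := map[string]bool{}
	for id, se := range doc {
		result[id] = Verify(trust, se)
	}
	return result, nil
}

func main() {
	res, err := Scenario()
	if err != nil {
		panic(err)
	}
	for _, id := range []string{"node-a", "node-b", "node-c"} {
		fmt.Printf("%s entry trusted: %v\n", id, res[id])
	}
}
```

Run it and node-a and node-c verify while node-b does not: node-c was free to rewrite its own entry, but the altered node-b entry no longer matches node-b's signature, even though the whole document arrived over a channel that node-c authenticated to. The re-serialised node-a entry still verifies because the hash is taken over the canonical form, which is the part of XMLSec the thread says is needed beyond the signature algorithm itself. The two checks in Verify carry the argument: the signature is checked under the key of the peer the entry claims to come from, and the entry's peer_id has to match that signer, or a compromised node could sign a record about someone else with its own perfectly valid key.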


