Permalink
Browse files

Fixed missing files.

  • Loading branch information...
wiki-server
wiki-server committed Sep 2, 2011
1 parent 8dc9206 commit 275e88858a0a5a694238d034ea4622a42fcedb0c
View
@@ -1,16 +1,9 @@
# Docs
-### Recommended Reading
-[Introduction to Anonymity](https://wiki.crypto.is/page/md%2Fguides%2Fintroduction-to-anonymity.md) is a quick introduction to anonymity itself.
+### Reading & Research
-This [Recommended Reading][1] list is a collection of articles we found
-particurally interesting, and you may as well.
+For individuals interested in crypto, privacy, anonymity - take a look [at this collection](/docs/reading/) of blog posts and research papers.
- [1]: http://crypto.is/docs/reading/
-
-### Research
-
-Go to the [Research][2] section to read more
-
- [2]: http://crypto.is/docs/research/
+### Guides
+This section is a collection of [tutorials, setup guides, and manuals](/guides/) for individuals to use.
@@ -0,0 +1,166 @@
+# How Convergence Works
+
+
+This is a follow-up to the very basic overview given in the
+[Setting Up and Using Convergence](1) guide.
+
+At the time of writing there appears to be no official documentation on the
+design and inner workings of Convergence.
+So this is an account of reading through the
+[source code](2).
+It's not a lot, go check it out. ;)
+Anyway, a disclaimer is in order.
+This is all reverse-engineering;
+any of the details may be wrong, inaccurate, or missing.
+Take with a grain of salt!
+
+
+## Overview
+
+Before going into details, let's revisit the classic way to do things:
+In order to be trusted,
+a site's SSL key has to be signed by one of a long list of *certificate
+authorities* (CAs).
+Every browser ships with this list and they mostly agree on who's on it.
+If an attacker can get *any one* of the CAs to sign a fake certificate,
+he can impersonate a site and nobody might notice for quite a while.
+
+Convergence introduces the concept of *notaries* into the picture.
+A notary is a simple service.
+It retrieves, verifies, and remembers
+the certificates of sites visited by its users.
+Every user of the notary, upon visiting a website,
+simply asks whether the certificate they see
+matches the one seen by the notary.
+To avoid being easily fooled,
+every user chooses several notaries to consult in parallel.
+
+
+## Anatomy
+
+### Client Certificate Cache
+
+Assuming, through the notary system,
+a Convergence-enabled web browser has gained confidence
+in the authenticity of a given certificate.
+It saves a tuple containing the following:
+
+ * *host name* of the site from which the cert was received
+ * *port number* of the site
+ * *fingerprint*, i.e. cryptographic hash of the certificate
+
+The current implementation saves these cache entries in an SQLite database.
+Cf. [NativeCertificateCache.js](3) and [ConnectionWorker.js](4).
+
+### Notary Certificate Cache
+
+Much like the client, each notary remembers
+every certificate it has successfully verified:
+
+ * site's host name
+ * site's port number
+ * certificate fingerprint
+
+This is a "positive-answer" cache.
+If a request comes in and a matching entry is found,
+the answer is positive,
+i.e. the certificate is trusted.
+If no match is found,
+the certificate is looked up and verified from its source.
+
+Note: All three elements are compared when looking for a match.
+So a site can have multiple valid fingerprints.
+
+The current code records the first and last times
+it has seen a certificate,
+but it does not seem to purge them at any point.
+[Confirm?]
+
+Cf. [CacheUpdater.py](5), [FingerprintDatabase.py](6)
+
+### Client Certificate Check
+
+To get control of the SSL connections made by the browser
+and to show its custom certificate status,
+Convergence hijacks the connections as a man-in-the-middle.
+If the site certificate checks out behind the "MITM gap"
+(!), a dummy certificate is presented to the browser
+in front.
+The dummy cert is set to be trusted and thus
+makes the SSL connection show up as verified.
+
+Cf. [ConnectionManager.js](7)
+
+When the browser wants to set up a new connection:
+
+1. Convergence grabs it, sets up its two endpoints.
+2. Establishes the actual connection to the remote site.
+3. Retrieves the SSL cert.
+4. Looks up (host, port, cert) in the local cache.
+5. If that tuple is in the cache, cert is OK.
+6. Otherwise, consults the notaries
+7. If cache or notaries say OK,
+ cache the result and
+ present the good dummy cert to the frontend.
+
+Consulting the notaries means, for each:
+
+1. Establish an SSL connection to the notary.
+2. Make an HTTP request containing (host, port, cert).
+3. Notary does its thing, returns OK or NOK.
+4. Depending on the configuration,
+ combine all the answers into one final OK/NOK.
+ The default is to require a *majority* of notaries
+ to OK the cert.
+
+In order for the notaries' answers to be trustworthy,
+the SSL connections to them must be trusted.
+This is the bootstrap problem.
+Convergence deals with it by saving the certificate of
+each notary at the time it is added to the configuration.
+This typically happens by the user downloading a `.notary` file
+which contains the cert and will be imported by Convergence.
+
+### Notary Certificate Check
+
+When asked to verify a (host, port, cert) tuple,
+a notary performs the following steps:
+
+1. Look for (host, port, cert) in the cache.
+2. If that tuple is found, cert is OK.
+3. Otherwise, establish SSL connection to host and note the cert returned.
+4. Verify the site's cert according to the classic (CA) model.
+ [Confirm this?! What's the CA list used? CRLs?]
+5. If the returned cert does not validate, abort and return NOK.
+6. If the returned cert validates, add to/update the cache.
+7. If the returned cert matches the one given, return OK, else NOK.
+
+
+### Notary Connection Anonymization
+
+In order to avoid your notaries learning about your browsing habits,
+Convergence supports a simple anonymizing proxy function.
+In addition to the business HTTPS queries,
+the notary also responds to HTTP CONNECT requests.
+These allow the entire SSL connection to another notary to be proxied.
+
+In order to avoid being usable as a completety open proxy,
+however, the software is hard-coded to only accept proxy
+requests to the arbitrarily-chosen destination port 4242.
+
+So in addition to the normal SSL port,
+the notary listens for SSL on 4242 to support this function.
+
+
+## Security Considerations
+
+TODO
+
+
+[1]: https://wiki.crypto.is/page/md/guides/setting-up-and-using-convergence.md
+[2]: https://github.com/moxie0/Convergence
+[3]: https://github.com/moxie0/Convergence/blob/a7a702ae8c8eca77a5e3dd6c194cccaa49c30f35/client/chrome/content/ssl/NativeCertificateCache.js
+[4]: https://github.com/moxie0/Convergence/blob/a7a702ae8c8eca77a5e3dd6c194cccaa49c30f35/client/chrome/content/workers/ConnectionWorker.js
+[5]: https://github.com/moxie0/Convergence/blob/a7a702ae8c8eca77a5e3dd6c194cccaa49c30f35/server/convergence/CacheUpdater.py
+[6]: https://github.com/moxie0/Convergence/blob/a7a702ae8c8eca77a5e3dd6c194cccaa49c30f35/server/convergence/FingerprintDatabase.py
+[7]: https://github.com/moxie0/Convergence/blob/a7a702ae8c8eca77a5e3dd6c194cccaa49c30f35/client/components/ConnectionManager.js
@@ -0,0 +1 @@
+# Introduction to Email Security Privacy and Anonymity
@@ -0,0 +1 @@
+# Introduction to Your Key and GPG
View
@@ -1,3 +1,3 @@
# Contribute Goods
-The Crypto Project aims to run anonymity services such as tor, remailers, and others. If you can provide server space, bandwidth, or other resources - we may be able to work with you to help or run the services for you on your contributions. Please get in touch.
+The Crypto Project aims to run anonymity services such as tor, remailers, and others. If you can provide server space, bandwidth, or other resources - we may be able to work with you to help or run the services for you on your contributions. Please [get in touch](/about/).
View
@@ -1,29 +1,18 @@
# Interact
-There are many ways to interact and get involved with the various anonymity
-projects out there. To get involved with The Crypto Project:
+There are many ways to interact and get involved with Crypto.is and the various anonymity projects out there.
### Mailing Lists
-Join in on a mailing list and get involved in the conversation. The current
-and temporary home for The Crypto Project is at remailer@librelist.com. To
-join in and follow this list simply send a message to remailer@librelist.com
-and you will be subscribed. Your message will be dropped and you will be
-notified of your subscription.
+Crypto.is has its own mailing list, and there are [a number of additional mailing lists for other anonymity projects](/interact/mailing_lists/) you can join to keep tabs on development.
### Chat on IRC
-Join in on the conversation on the #cryptodotis channel on OFTC. Most of The
-Crypto Project conversation goes on there as well as conversation related to
-the various supported projects (like remailers).
+Join in on the conversation on the #cryptodotis channel on OFTC. Most of The Crypto Project conversation goes on there as well as conversation related to various projects .
### Donate Your Time
-Are you a developer? Can you write documentation? The Crypto Project is
-looking for anyone that can contribute to a project in anyway. Check out
-[Contributing Time][1] for more information.
-
- [1]: http://crypto.is/interact/time/
+Are you a developer? Can you write documentation? The Crypto Project is looking for anyone that can contribute to a project in anyway. Check out [Contributing Time](/interact/time/) for more information.
### Fund Anonymity Servers
@@ -39,5 +28,5 @@ server yourself. The Crypto Projects aims to create a master set of tutorials
and guides for all who are looking to set up servers. Check out [Contributing
Goods][3] to find links to more information on how you can help.
- [3]: http://crypto.is/interact/goods/
+Something any anonymity networks needs... is the network. If you can donate servers, space, or bandwidth we can help you put it to good use. Check out [Contributing Goods](/interact/goods/) or [get in touch](/about/).
View
@@ -4,30 +4,13 @@ Crypto.is has begun work on a few things it calls projects:
### [Code Audit Feed](/projects/audit/)
-Writing secure code is hard. But if everyone is intimidated by the prospect,
-no secure code would be written. The Code Audit Feed seeks to be a single feed
-of commits to crypto and anonyminity tools. It is the hope that an easy to
-skim feed of changes will encourage people to watch projects for changes
-relating to their area of expertise so they can audit and prehaps become
-involved in the project.
-
-### [Intro to Crypto](/projects/intro/)
-
-These series of articles aim to show the layperson what benefits using
-cryptography and anonyminity software can provide them, how to install and use
-the software, and finally how to give back to the community by running
-services of their own.
+Writing secure code is hard. But if everyone is intimidated by the prospect, no secure code would be written. The Code Audit Feed seeks to be a single feed of commits to crypto and anonyminity tools. It is the hope that an easy to skim feed of changes will encourage people to watch projects for changes relating to their area of expertise so they can audit and prehaps become involved in the project.
### [Code Clearing House](/projects/cch/)
-It can be a wide internet out there. This project aims to group security and
-anonyminity software, provide an overview of what it does and doesn't provide,
-and links to further resources.
+It can be a wide internet out there. This project aims to group security and anonyminity software, provide an overview of what it does and doesn't provide, and links to further resources.
### [Bleeding Edge](/projects/bleeding/)
-This area is meant to be a testbed of bleeding edge technologies like Strict
-Transport Security. While not a comprehensive walkthrough - we hope to provide
-enough information for experienced sysadmins to set up bleeding edge features,
-as well as link to existing implementations.
+This area is meant to be a testbed of new technologies and protocols. We hope to provide enough information for experienced sysadmins to set up bleeding edge features, as well as link to existing implementations.
View
@@ -0,0 +1 @@
+# The Network

0 comments on commit 275e888

Please sign in to comment.