[dev] [quark] patch

From: Szabolcs Nagy <nsz_AT_port70.net>
Date: Fri, 4 Feb 2011 17:36:55 +0100

i recently implemented a webserver and used some code from quark in it
meanwhile i found minor issues in the code so here is a patch
(some modifications are bugfixes others are debateble,
i leave it to arg to sort it out)


the webserver i'm implementing is used to do secure messaging:
it accepts PUT /key and GET /key requests which store and retrieve
exactly 1K data (so it looks like a key-value store)

(server does not remember the key only the hash of the key,
if GET asks an invalid key then 1K random is generated and stored
under the key)

(the uploaded data is garbage collected: eg after 1 month it gets
deleted from the store, so this is not yet another storage solution,
it's for communication, there are no strong durability guarantees)

the next step is to implement GET /key#hash requests:
the server only answers if the (sha1) hash of the data is different
than the provided one, this can be a communication channel:

-> PUT /key HTTP/1.0\r\nContent-Length: 1024\r\n\r\ndata..
<- HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\n
-> GET /key#hash-of-data HTTP/1.0\r\n\r\n
<- [waiting..]

at this point both client and server keeps the connection open
until someone modifies the data under the given key, and then
the GET request is answered with the new data

<- HTTP/1.0 200 OK\r\nContent-Type: application/octet-stream..

two client can communicate by sharing a key and updating
the data under the key
(actually many client can follow the communication and
get notification by keeping a connection alive with the
last seen hash, to solve other communication issues
higher level layers can be used ie. data format with meta info)

(security can be ensured by sending requests (keys) over a secure
channel (tls) and sharing keys using eg diffie-hellman method

actually one can encrypt the 1K data with x then use hash(x) as key
so it is enough to share x between the communicating parties
which the server does not even know, decrypting the 1K data is not
possible by just using hash(x).. of course eve can overwrite the
data using PUT /hash(x), but then alice and bob may get notified..

well the design is not complete yet, but probably a secure distributed
communication system can be built on top of this: unlike ip level
communication here the communicated data does not know its destination)

some initial code is available here:
svn co https://www.epointsystem.org/svn/epoint_wallet/trunk/messaging/prototype
(folks here at epointsystem plan to use it for some secure mobile sms thing)

(this is not yet useful in any way but i posted in case someone is interested)

Received on Fri Feb 04 2011 - 17:36:55 CET

This archive was generated by hypermail 2.2.0 : Fri Feb 04 2011 - 17:48:02 CET