TM (messiah@jps.net)
Tue, 18 Aug 1998 16:46:47 -0700 (PDT)
At 7:28 PM -0000 8/18/98, Berke Durak wrote:
>I was dreaming for about two years of a distributed/serverless, encrypted
>(and possibly anonymous) multi-user Internet chat protocol, that would replace
>IRC, and which would not require centralized servers to operate (which
>impose control on users). I'm sure many people are thinking of such a thing.
Crap. This is by no means an original idea, but I always wince when ppl
mention projects I'm working on. Guess I might as well spill the beans.
I've been working on/thinking about a distributed, secure, distributed chat
network for about 2 years now, off and on (mostly off). I've always called
it SafeChat, since that was the first thing that came to mind and it
communicates the program's intentions well.
I've worked out a simple, distributed networking system using TCP/IP, in
which each node acts as both a server and a client. Each node can have many
nodes connected to it, but it can only connect to one other node. When a
node recieves a line of text, it passes it all to all connections except
the one it recieved the text from. This insures that the text is passed on
to all of the nodes. It can be used as a distributed network, or in
traditional client-server mode (all nodes connect to one "server" node).
I haven't decided whether to have one key per network, one key per
connection, or two keys per connection. The first would be the easiest
(requiring less computation on the part of the nodes) but also the least
secure. However, even if two keys per connection are used, if those keys
are cracked, all of the network traffic is exposed.
I was thinking of using the PGP web of trust, since the PGP standard is
already in place, and available for every (almost) OS.
>It could be built over UDP, since TCP is painfully slow over long-distance
>links with important packet loss. Users participating in a chat room would
>relay packets between themselves, possibly anonymising and/or adding cover
>traffic, and possibly optimizing throughput, by adapting themselves to the
>physical configuration of the network. Therefore it would not be possible to
>shutdown discussion, except by blocking packets at routers, which could be
>defeated anyway if some day people start to make independent network links
>between themselves with spread spectrum packet radio; and it would not
>provide a centralized point for collecting traffic, as with current IRC
>servers.
The only way I see for IRC-like chat to get much more anonymous is to hide
the IPs, which don't really tell much about the person on that IP. Blinding
them via cryptographic protocols would only add to the lag of private
messages. It would also mean you couldn't do any direct node-to-node
communication, like file transfers or private chatting (like IRC's CTCP).
>Small "rendez-vous" servers could be used for helping users locating
>themselves, coordinating channel information etc.
Sounds good. The RV ("rendez-vous") server could have a list of IPs in the
network, and when you connect to it, it sends you the IP of a random node
in that network to connect to.
>And some kind of "anonymous identification protocol" that would allow users
>knowing each other to mutually identify themselves, without revealing any
>information on their identities if they don't, while allowing individuals to
>remain "unknown" for people they know but do not wish to discuss with that
>day would be very useful.
I like the PGP web of trust scheme, since it's decentralized and doesn't
require a trusted third party.
>This is the single cryptographic project that would most benefit mankind, I
>guess.
Actually, the single crypto project which would benefit humankind the most
is a total rework of the world's communications networks. I guess we'll
have to settle for the chat program, tho. :)
>It would enable free, anonymous real-time "speech" on the net. Real-time
>speech being much more "dangerous" than mailing lists or newsgroups,
>widespread use of this "cooperative chat protocol" could however speedup the
>process of outlawing cryptography.
Well... if crypto is outlawed... you know the rest. I don't intend to roll
over and play dead just because the government says I have to.
>It requires considerable expertise in network protocol design, including
>packet routing, conventional cryptography implementation and (for the
>"anonymous identification part") a suitable protocol. Moreover, it
>absolutely _requires_ a colored, simple and attractive graphical interface
>that would run on mainstream platform (I'll give no names) because we want
>PEOPLE to use cryptography, not just "techies".
My thought was to make it in a simple, portable language (C comes to mind)
so ppl could easily make a version for their OS of choice. Also, we should
make the protocol available to all, in easy-to-understand-and-implement
documents. I, for one, am volunteering to make (or help with) a Windows 95
version, as long as it's made in Borland Delphi (I don't know C, but I do
know Delphi).
>Maybe this has been discussed long before, but currently I have difficulties
>finding even a simple person-to-person encrypted chat program that uses
>public key crypto (the only one I have encountered was a modified version
>of UNIX talk using D-H).
Yeah, there is an almost total lack of good (ie, easy to use, secure) chat
programs. I've seen one for Windows, but it uses the Win95 CAPI
(cough*insecure*cough), and is commercial.
>Does someone knows of such a project ? Have these ideas been previously
>discussed, and up to which point ?
Heh.
>I guess many people would volunteer, but we need a crypto expert to
>coordinate the project: I guess Bruce has some spare time to fill since he
>was asking for it...
Sure, Bruce can be the co-ordinator/mascot.
I think either MACs or digital signatures should be used, to make sure text
hasn't been tampered with. Also, all data should be compressed, encrypted,
signed, whatever, base64-encoded, and sent with a CRLF pair at the end.
That makes checking for line integrity easy.
These are some questions I've been struggling with:
* One key per connection? One key per network?
- I'm thinking one per connection: computers these days are fast enough
to stand encrypting 20 bytes of data 30 times every few seconds.
* How should the keys be exchanged?
- Should we try and foil Man In The Middle attacks or just make it easy
on ourselves?
* How will a node communicate privately (ie, /msg) to another node?
- Also, should the IPs be blinded or freely available?
* What algorithms to use?
- I'm thinking DH for key exchange, SHA-1 for message digests, Blowfish
for bulk data encryption, and maybe DSA for signing. Either way, the
algorithms have to be free.
* Plus all the details, like data structures, etc.
I can post my notes on the subject (not a whole lot, but some interesting
stuff) here, if people want to.
I'd love to see this idea (whose time has come, really) come to frutation.
If we could make a distributed and secure alternative to IRC, I'm sure it'd
be widely-used.
"I never set out to be weird. It was always the other people
who called me weird."
-- Frank Zappa --
http://www.sinnerz.com/tmessiah/
KeyID: 4096/1024/0x14C4FDE6
Fingerprint: 1263 DBFD F2C4 77C6 87F2 A94A 0759 7C7E 14C4 FDE6
-export-a-crypto-system-sig -RSA-3-lines-PERL
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:10:58