Domain: cakem.net
Stories and comments across the archive that link to cakem.net.
Comments · 11
-
Re:The CAKE protocol
No matter how good SSL is, you can always just remove it with a tool like sslstrip (also developed by Moxie Marlinspike). I guess you could have banks and other web sites instruct the user to look for the lock icon, but like Moxie said in his Defcon talk, he tested it on hundreds of users by running a Tor exit node, and every one of them still logged in after being sent an unencrypted login page.
I don't understand how your comment is relevant to what I said. I'm not talking about SSL. I'm talking about the CAKE protocol.
-
The CAKE protocol
This, Diaspora, and personal interest by friends have gotten me interested in working on The CAKE Protocol again. My goal is a Python reference implementation that can speak over TCP, email, and possibly IM.
Last time I stalled out once I got a job. I also realized that the protocol design was flawed, and the API design for the internals was awkward. Also, I was all alone in a new city. I have friends who are interested now, which makes it easier. And maker spaces with people to talk to. When you have to work on something all by yourself it's hard to stay motivated.
-
Re:He's right
I have a protocol I've been working on. It's a session layer on top of TCP or IP. It has secure caching as a base concept in the protocol. It also decouples identity from routing, and makes all messages encrypted by default. It's called CAKE.
I started working on it in 2003, and sort of dropped it once I got a job. I've become interested in it again recently and have started working on it again. If you live in Seattle, I would love to have someone to work on the project with.
Even if you aren't completely sure what you're doing, having someone who's interested and enthused who I talk to periodically really helps keep me motivated.
-
I wonder if CAKE represents prior art
When I was designing the CAKE protocol in 2003 I already had the idea of doing this. It was 'Key Addressed Crypto Encapsulation' for a reason. The idea was to choose whichever transport method was handy for the message.
A friend's interest has got me working on this again. Hopefully I can get a working system together soon so other people can play with it.
-
Re:The are multiple document management solutions
In my opinion, this state of affairs is ripe for some kind of solution. It was one of the problems I meant to address when I started CAKE years ago. But that project has stalled out because of time and a the general fact that unless I'm being paid, I tend to drop things as soon as I prove to myself that they work.
NSFW! Don't click it! the cake is a lie!
-
The are multiple document management solutions
But no real authentication systems that accomplish the goals you lay out. Even PGP (if you can convince people to use it and educate people on how it works) only accomplishes signing. It will not track these documents in the manner you describe.
And PGP has significant problems. People understand what passwords are. They do not have a clue what a 'private key' is, or what it means to use one. This requires significant education effort. And unfortunately the user interfaces surrounding products that use PGP do little to help this educational process. Most of them seem to be designed by crypto-geeks who assume that everybody already knows these things and just wants a convenient way to manage them.
And, unfortunately, PGP is not widely supported in email clients outside of the GNU/Linux sphere. Even Thunderbird requires a plugin for adequate support. Everybody else seems to have assumed that the bletcherous, ugly, stupid mess that is an X.509 certificate is what people will use, if they use anything at all.
In my opinion, this state of affairs is ripe for some kind of solution. It was one of the problems I meant to address when I started CAKE years ago. But that project has stalled out because of time and a the general fact that unless I'm being paid, I tend to drop things as soon as I prove to myself that they work.
-
Re:Good News
I have heard, but don't have a source, that elliptic curve is broken by quantum computing as well. I did a bunch of research when doing the initial design of CAKE because I figure that quantum computing will be a solved engineering problem at some point.
-
CAKE!
But, I've not had much time to work on it since I've been employed.
:-( And it's a much nicer, decentralized solution to this problem that has potentially much less weight and wider applicability than PGP. -
Re:Anonymous developments?
I've been very, very slowly working on a protocol to create a pseudononymous Internet that complete divorces identities from IP. Psuedonyms are almost as good as being anonymous since you can create them whenever you like. And, unlike being anonymous, a psuedonym can gather a reputation.
My system is called CAKE. I need to spend a whole bunch of time working on it, but I have a job and stuff now, and have really had the time. I also need some new ideas for how to put it together, though I think I may have thought of those now.
-
This problem is directly caused by
This problem is directly caused by the use of insecure human-readable names, and the use of IP addresses as identifiers. Both things don't work on the Internet. You need names that can be mathematically verified to be owned by the party you're communicating with. Names should be public keys.
-
Re:This won't work
And, my own project, CAKE. though mine is only peripherally related actually.
:-) I just like mentioning it when discussion gets near problems it will help to solve (or at least make a lot better).