Ruby Certificate Notary: SHA256, certificate storage, Conditional GETs
39 views
Skip to first unread message
Adam Watkins
Jul 6, 2015, 3:23:05 PM7/6/15
to perspect...@googlegroups.com
Hello,
I had a go at writing an alternative Certificate Notary in Ruby.
I did this mostly as a challenge for myself and without the intention that this could really serve a serious alternative to the existing Perspectives Server. In particular, I'm really not sure that it's likely to scale very well. With that caveat in mind, I did try to solve some of the outstanding issues with the Perspectives Server - Efficient Validation of requests, storage of certificates, and supporting SHA256 checksums.
The code can be found here: https://github.com/stupidpupil/certificate_notary
An example notary can be found running here: http://notary.stupidpupil.co.uk with the following key:
Please note that I'm not able to make the same guarantees about security and privacy as the Perspectives team do about the official notary server - I simply don't trust myself to be competent enough!
Regards,
Adam Watkins
I had a go at writing an alternative Certificate Notary in Ruby.
I did this mostly as a challenge for myself and without the intention that this could really serve a serious alternative to the existing Perspectives Server. In particular, I'm really not sure that it's likely to scale very well. With that caveat in mind, I did try to solve some of the outstanding issues with the Perspectives Server - Efficient Validation of requests, storage of certificates, and supporting SHA256 checksums.
The code can be found here: https://github.com/stupidpupil/certificate_notary
An example notary can be found running here: http://notary.stupidpupil.co.uk with the following key:
-----BEGIN PUBLIC KEY----- MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAFGQ7aCe70wrc/VrFsxaVzrf0Jn UDdVG+xz11VL34bodkxaPgazHKn3xNABB+1M/nvCLh/SwsiAQvKoIiFvPPhnuDLb xXaDJEd/EJLEbyfB7OIwDNPlQBNkH8mHZO/RrVU2VOKvdK9KC3LCYTixzuoUjWp7 CzukQix1VlwJheTV2yo66notSVP/9xRFq0MOrsOljUlORYFpnYv7DTNDUvthVTCO CMpPu3EIcM0CAwEAAQ== -----END PUBLIC KEY-----
Please note that I'm not able to make the same guarantees about security and privacy as the Perspectives team do about the official notary server - I simply don't trust myself to be competent enough!
Regards,
Adam Watkins
Dave Schaefer
Jul 8, 2015, 12:23:32 AM7/8/15
to perspect...@googlegroups.com
Hi Adam,
Thanks for sharing! This is fantastic! :) Very cool project.
Don't sell yourself short; this is cool. I am interested to see how
you implemented some parts and will have a look through the code.
If you don't mind my asking, how long did this take? Did you have to
reference the server API[1] much during development?
I would be interested to hear any feedback you have on things that
were difficult to follow, parts of the architecture that were
difficult to figure out or implement, or improvements we could make to
documentation/code/anything else.
>I'm really not sure that it's likely to scale very well
I have been using blitz.io to stress-test the python server while
adding caching and other improvements. If you're interested in doing
something similar I could definitely share my simple stress test and
stats/results.
[1] https://github.com/danwent/Perspectives-Server/blob/master/doc/api.md
Thanks for sharing! This is fantastic! :) Very cool project.
Don't sell yourself short; this is cool. I am interested to see how
you implemented some parts and will have a look through the code.
If you don't mind my asking, how long did this take? Did you have to
reference the server API[1] much during development?
I would be interested to hear any feedback you have on things that
were difficult to follow, parts of the architecture that were
difficult to figure out or implement, or improvements we could make to
documentation/code/anything else.
>I'm really not sure that it's likely to scale very well
adding caching and other improvements. If you're interested in doing
something similar I could definitely share my simple stress test and
stats/results.
[1] https://github.com/danwent/Perspectives-Server/blob/master/doc/api.md
Adam Watkins
Jul 8, 2015, 1:51:18 PM7/8/15
to perspect...@googlegroups.com
I can't tell you much more than the git logs about how long it took me - it looks like I put it together over about 10 days.
The API doc was a useful starting point, particularly for clarifying the appropriate responses for valid-but-not-found and invalid requests. The biggest issue - by far - in making sense of the API was the reply signature and the packed data response that sits behind it. The client code turned out to be the most useful reference for that:
https://github.com/danwent/Perspectives/blob/ceead359dc84fe3a1711e63b494e223917d88cba/plugin/chrome/content/xml_notary_client.js#L116-L157
Happy to have a play with blitz.io if you've got a regime in mind!
Adam
The API doc was a useful starting point, particularly for clarifying the appropriate responses for valid-but-not-found and invalid requests. The biggest issue - by far - in making sense of the API was the reply signature and the packed data response that sits behind it. The client code turned out to be the most useful reference for that:
https://github.com/danwent/Perspectives/blob/ceead359dc84fe3a1711e63b494e223917d88cba/plugin/chrome/content/xml_notary_client.js#L116-L157
Happy to have a play with blitz.io if you've got a regime in mind!
Adam
Reply all
Reply to author
Forward
0 new messages