I'm a programmer; here are some projects I'm involved in.
My current interest is cryptographic key management and alternatives to PKI.
CryptoIDs
Paper 1: Public Key Distribution through "cryptoIDs" (.pdf, .html) (presented at NSPW 2003)
Paper 2: The CryptoID Key Management Protocols (.pdf) (the best introduction)
Code: CryptoIDlib python library and command-line tools v0.3.3 (.gz, .zip, readme.txt, API docs)
CryptoIDs are small, user-friendly key fingerprints like 'dubo9.sanre.wivip.wqsqy'. Since they're short, users could treat them as a form of contact info (like phone numbers, postal addresses, etc.).
The cryptoID for each user would be a hash of some root keys chosen by the user. These keys would either be held by the user or by some user-chosen key management servers which issue short-lived certificates and validation signatures. These servers would allow the user to achieve cryptoID mobility, key revocation, and key replacement while keeping her fingerprint constant.
Basically, cryptoIDs are an attempt to design the best possible fingerprint, improving on things like PGP and SSH fingerprints.
Paper #1 presents the fingerprint and certificate formats. Paper #2 presents the key management protocols. CryptoIDlib is a python implementation of the system.
TLS Lite
Development: Sourceforge (main, CVS, mailing lists)
Code: tlslite python library v0.3.8 (.gz, .zip, readme.txt, API docs)
TLS Lite is a free python library that implements SSL 3.0, TLS 1.0, and TLS 1.1.
TLS Lite supports non-traditional authentication methods such as SRP, shared keys, and cryptoIDs in addition to X.509 certificates. TLS Lite is pure Python; however, it can access OpenSSL, cryptlib, pycrypto, and GMPY for faster crypto operations. TLS Lite integrates with httplib, xmlrpclib, poplib, imaplib, smtplib, SocketServer, asyncore, and Twisted.
TLS/SRP
Internet-Draft: Using SRP for TLS Authentication (.txt, .html)
SRP is the best way to do password authentication across a network. TLS (aka SSL v3.1) is the best way to do channel security. What could go better together?
This draft modifies the TLS handshake to use SRP. This combination of password-based mutual authentication and the TLS record layer is ideal for protecting protocols like POP3 and HTTP.
DSS
Requirements: DSS Use Case Requirements Analysis (.pdf, .doc)
Specification Working Draft: Digital Signature Service Core Protocol and Elements (.pdf, .doc)
Schema Working Draft: oasis-dss-1.0-core-schema-wd-20 (.xsd)
Somewhat Related Paper: Delegated Cryptography, Online Trusted Third Parties, and PKI (.pdf, .html) (presented at the 1st Annual PKI Research Workshop)
The OASIS Digital Signature Service Technical Committee is designing protocols for signing, verifying, and time-stamping of XML documents and other data. The idea is to perform these operations on servers, thus freeing clients from having to manage private keys, calculate certificate paths, and so on.
Also listed is a paper arguing for the server-based approach vs. client-side PKI.
CryptoURLs
Draft of potential Internet-Draft: The "crypto" URL scheme (.txt, .html)
CryptoURLs add "crypto metadata" like content hashes and key fingerprints to normal URLs. The resulting URLs are self-authenticating, like SFS file names or Cryptographically Generated Addresses. These could be useful in:
This is a python script that generates java, python, and C# wrappers for cryptlib. A set of wrappers for the latest cryptlib is included in the .gz file. The python and C# wrappers are also included in the cryptlib 3.2.2 release.