A new proposal for a more secure Direct Connect
Posted: 03 Jun 2008, 17:51
Hi. I have thought about ADCS and how we can improve the world of Direct Connect, and the ADC network.
First, I looked over to see how DC++ (and clones) create the certificates they use for ADCS connections. The certificate doesn't seem to be signed, and it's granted actually to that CID (client's unique ID).
I want to propose something about how to make this more secure for both hubs and clients who want to connect (mostly clients who have certain rights on the hub). This is intended to replace password-based login.
First of all, let's start with a hub. After the hub is set in normal ADC mode, the user needs to switch to ADCS. At this moment, the hub makes a certificate request to a CA [1], that temporarily grants him a certificate signed by this CA, thereby making the hub authoritative for its own users.
[1]: I propose the CA to be somebody of trust in Direct Connect, that can also monitor hubs and even revoke certificates for the hubs that don't respect certain rules (moral rules, the general Direct Connect rules, etc.). My first suggestion is a big hublist, with great influence (these people also monitor hubs regularly). Once the hub has this certificate from this CA, then users can connect to it safely. (It would be nice if clients could implement the CA's public key and check the certificate's signature, and at least warn users on login if the hub is not signed by the CA.)
The second step of this thingy is to create user accounts on the hub. For this, each client creates a public and a private key. The hub should be able to have an input for a client's public key, and create a certificate for the client signed by the hub. This way, the client can log in to the hub (at which moment the hub checks if the certificate is signed correctly by itself) and grant the respective user with all the rights given. No password needed, and the security greatly increases since the client's private key is never sent anywhere so he's the only one who can use the certificate, and only the hub who signed it can actually decipher it and accept it.
Hope this post is quite clear, I await some questions if not. I would also like something from Crise for the client part and netcelli/Catalin for the hublist part.
I'm in the disposition of implementing all this in DSHub for the hubsoft part.
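The hub-side check from the second step of the post above, as an added example that is not part of the original post and is not DSHub or DC++ code, written in Go with only the standard library. The names `issue`, `acceptLogin`, `hub.example` and `CONSTRUCTED-CID` are assumptions, Ed25519 is an arbitrary key type, and the hub certificate is self-signed here where the proposal would have the hublist CA sign it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue certifies pub under the name cn and panics on failure to keep the example short.
// parent == nil yields a self-signed hub certificate that may sign user certificates.
func issue(cn string, pub ed25519.PublicKey, parent *x509.Certificate, signer ed25519.PrivateKey) *x509.Certificate {
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil {
		tpl.IsCA, tpl.BasicConstraintsValid, tpl.KeyUsage, tpl.ExtKeyUsage = true, true, x509.KeyUsageCertSign, nil
		parent = tpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// acceptLogin is the hub's login check: the presented certificate must chain to the
// hub's own certificate and be valid for client authentication.
func acceptLogin(hub, presented *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(hub)
	_, err := presented.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}

func main() {
	hubPub, hubKey, _ := ed25519.GenerateKey(rand.Reader)
	userPub, _, _ := ed25519.GenerateKey(rand.Reader) // the private half stays on the client
	hub := issue("hub.example", hubPub, nil, hubKey)  // constructed hub name
	user := issue("CONSTRUCTED-CID", userPub, hub, hubKey)
	fmt.Println("login accepted:", acceptLogin(hub, user))
}
```

The check uses only the hub's public certificate. That the connecting client holds the matching private key is proven by the client-certificate signature in the TLS handshake, which this block does not perform.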