Author: Bill Heelan
$Date: 2000/07/25 13:57:11 $
$Revision: 1.2 $
In order to provide an inexpensive mail authentication mechanism, the nym server and the mail system share a secret, which is used to symmetrically authenticate mail certificates (mail-cert.html).
The secret will be generated on a computer physically disconnected from a network. It will be written to a file on a floppy disk, which will be chowned to uid 0 and have its permissions set to 000. After being removed from the computer, the floppy disk is write protected.
The file will be carried to the nym server and mail servers. On each machine it will be copied to a file owned by the Freedom user, and having permissions 400.
We rely upon host security to keep the secret secure.
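As an added example (not the Freedom project's own code), the per-server installation step and the certificate check in Python: the loader refuses a secret file whose mode is looser than the 0400 the design calls for, and the symmetric authentication is assumed to be an HMAC over the certificate bytes, since the page does not name the mechanism; all function names and the sample certificate are constructed here.

```python
import hashlib
import hmac
import os
import stat
import tempfile

# Hypothetical helpers; the real nym/mail-server code is not on the page.

def write_secret_file(path, secret):
    """Install the secret as a mode-0400 regular file (the copy kept on each server)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)
    try:
        os.write(fd, secret)
    finally:
        os.close(fd)
    os.chmod(path, 0o400)  # umask may have widened the mode; force 0400

def load_shared_secret(path, expected_uid=None):
    """Read the secret, refusing anything looser than 0400 or not owned as expected."""
    st = os.lstat(path)  # lstat: a symlink pointing at the file is rejected below
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("secret must be a regular file: %r" % path)
    if stat.S_IMODE(st.st_mode) & 0o077:
        raise PermissionError("secret file is readable by group/other")
    if expected_uid is not None and st.st_uid != expected_uid:
        raise PermissionError("secret file not owned by the Freedom user")
    with open(path, "rb") as f:
        return f.read()

def sign_cert(secret, cert):
    """Assumed scheme: HMAC-SHA256 over the certificate bytes, keyed with the shared secret."""
    return hmac.new(secret, cert, hashlib.sha256).hexdigest()

def verify_cert(secret, cert, tag):
    return hmac.compare_digest(sign_cert(secret, cert), tag)

def demo():
    """Exercise the checks on constructed files; returns values a test can assert on."""
    secret = os.urandom(32)
    cert = b"nym=alice@example.invalid;expires=2000-12-31"  # constructed sample
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "secret.400")
        write_secret_file(good, secret)
        loaded = load_shared_secret(good, expected_uid=os.getuid())
        tag = sign_cert(loaded, cert)
        valid = verify_cert(loaded, cert, tag)
        tampered = verify_cert(loaded, cert.replace(b"alice", b"mallory"), tag)
        loose = os.path.join(d, "secret.644")  # a copy left world-readable by mistake
        with open(loose, "wb") as f:
            f.write(secret)
        os.chmod(loose, 0o644)
        try:
            load_shared_secret(loose)
            loose_rejected = False
        except PermissionError:
            loose_rejected = True
    return {"valid": valid, "tampered": tampered, "loose_rejected": loose_rejected}
```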
An alternative is to keep the file encrypted, but serve its contents via a simple program providing a non-swappable, shared memory region. The region has permissions allowing only the Freedom user to read it.
This doesn't seem to have any obvious advantages over the previous method. Anyone breaking in as the Freedom user, or as root, can still access the secret.
Copyright © 2000 Zero-Knowledge Systems Inc.
All Rights Reserved