分散式用户身份验证 - 可能吗？ [英] Decentralised user authentication -- possible?

问题描述

我设计的完全分布式的P2P消息应用程序。

I'm designing a fully distributed P2P messaging application.

编辑：不仅仅是的的消息应用 - 特别是一个公共论坛。消息从邻居到邻居一起传递，所以消息可以从比原作者其他对等体进入。通信的保密是不重要的。然而，一个消息的作者的验证是至关重要的。

Not just any messaging application -- specifically a public forum. Messages are passed along from neighbour to neighbour, so messages may come in from a peer other than the original author. Secrecy of communication is unimportant. However, verification of the author of a message is vital.

问题需要介绍一下：

在客户端 - 服务器模型中，每个客户可以确信的消息的起源是有消息称它们是什么，因为那里是检查该用户的凭据（用户名，密码）匹配一个条目的中间人的身份验证服务器在中继所述消息发送到接收客户机前的内部秘密数据库

In client-server models, each client can be sure that messages' origins are what the message says they are, because there is a "middle man" authentication server that checks that the user's credentials (username, password) match an entry in an internal secret database before relaying the message to the receiving client.

现在的问题是：这个问题能在纯P2P实施

假设每个客户端存储的全套用户凭据。所不同的是当然的客户端不能被允许查看它们的 - 因此他们会被存储在加密格式。加密的证书都必须检查对另一组加密凭据平等的而没有完全解密或者设置的

Suppose each client stores the full set of user credentials. The difference is of course that clients cannot be allowed to view them -- hence they'd be stored in encrypted format. The encrypted credentials would have to be checked for equality against another set of encrypted credentials without ever fully decrypting either set.

可以这样做？有没有更好的办法
（记住：100％无P2P服务器）？

Can this be done? Is there a better way?
(Remember: 100% P2P. No servers.)

推荐答案

我建议你看看到一个名为模型网络信任的。它的使用，例如PGP下放认证。

I suggest you look into a model called Web of trust. It's used by for instance PGP to decentralize authentication.

这句话概括了这pretty得好：

This quote summarizes it pretty well:

随着时间的推移，你会积累与您可能要指定为受信任的引荐其他人的密钥。其他人将各自选择自己信任的介绍人。每个人都将逐渐积累并与他们分发密钥认证从其他人签名的集合，并期望收到的人会相信至少有一个或两个签名。这将导致对于所有的公共密钥信心分散容错网络的出现。

As time goes on, you will accumulate keys from other people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures. This will cause the emergence of a decentralized fault-tolerant web of confidence for all public keys.

这篇关于分散式用户身份验证 - 可能吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！