how to secure peer's identity

3 replies [Last post]
fszwt
Offline
Joined: 2007-08-11
Points: 0

As far as I know, a certificate is the only identity of a peer in JXTA. The membership service can use a credential (within which a certificate is attached) to support authentication between peers within the same group. Considering that credentials are exchanged frequently for authentication purposes, how can I prevent a peer from using another peer's identity (certificate) illegally? In other words, how can I ensure the peer who presents the certificate is the peer who I signed the certificate for?

Any help is appreciated.

fszwt
Offline
Joined: 2007-08-11
Points: 0

Thanks for your reply, thenetworker.
Referring to your company example, "if you communicate your self-signed cert (public key) to all of them in a secure fashion": does that mean employees are responsible for keeping their certificates safe in order to securely communicate with the signer? If so, how do peers in JXTA protect their private certificates?
It seems that in the PSE service peers authenticate each other by exchanging their certificates. Am I terribly wrong in this understanding? If not, it can be pretty easy for a peer in JXTA to use any certificate he knows to impersonate the other peer.

Message was edited by: fszwt

thenetworker
Offline
Joined: 2003-06-13
Points: 0

Peers only exchange the certificates that contain only public keys. The private keys are never exchanged, of course. They are on each peer's machine, protected by a password.

If you want to understand the concept, you may think of the mutual authentication/mutual SSL in the client/server environment. JXTA almost borrows that mechanism intact when two peers establish a secure channel.
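
The check that makes a copied certificate useless, as an added example that is not part of the original thread and is not JXTA or PSE code: the verifier sends a fresh nonce and the presenter must sign it with the private key matching the certificate, which is the same idea TLS client authentication relies on. It uses only `java.security`; a `PublicKey` stands in for the presented certificate, and the class name, the `peer-B` identifier and the key pairs are assumptions constructed for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

// Added illustration: proof of possession by challenge-response.
// A PublicKey stands in for the presented certificate (real code: cert.getPublicKey()).
public class ProofOfPossession {
    // Verifier side: a fresh random nonce per attempt defeats replay of old responses.
    static byte[] newChallenge() {
        byte[] nonce = new byte[32];
        new SecureRandom().nextBytes(nonce);
        return nonce;
    }

    // Binds the nonce to the verifier's name so a response cannot be relayed elsewhere.
    static byte[] context(byte[] nonce, String verifierId) {
        byte[] id = ("pop-demo|" + verifierId + "|").getBytes(StandardCharsets.UTF_8);
        byte[] out = Arrays.copyOf(id, id.length + nonce.length);
        System.arraycopy(nonce, 0, out, id.length, nonce.length);
        return out;
    }

    // Prover side: only the holder of the private key can produce this signature.
    static byte[] respond(PrivateKey key, byte[] nonce, String verifierId) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(context(nonce, verifierId));
        return s.sign();
    }

    // Verifier side: check the response against the public key in the presented certificate.
    static boolean verify(PublicKey certKey, byte[] nonce, String verifierId, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initVerify(certKey);
        s.update(context(nonce, verifierId));
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair owner = gen.generateKeyPair();    // peer the certificate was issued to
        KeyPair copier = gen.generateKeyPair();   // peer that only holds a copy of that certificate
        byte[] nonce = newChallenge();
        byte[] good = respond(owner.getPrivate(), nonce, "peer-B");
        byte[] forged = respond(copier.getPrivate(), nonce, "peer-B");
        System.out.println("owner accepted: " + verify(owner.getPublic(), nonce, "peer-B", good));
        System.out.println("copied certificate accepted: " + verify(owner.getPublic(), nonce, "peer-B", forged));
        System.out.println("replayed response accepted: " + verify(owner.getPublic(), newChallenge(), "peer-B", good));
    }
}
```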

thenetworker
Offline
Joined: 2003-06-13
Points: 0

If you really ask how "you" can secure a peer's identity, well, you have to be rich enough to buy a CA company such as VeriSign:-)

To be serious, I don't think you can secure a peer's identity, unless all the peers trust you. That could happen, for example, if all the peers are the employees of your company and you manage the network and you communicate your self-signed cert (public key) to all of them in a secure fashion.

In public networks, it is the CA's job to secure peers' identities. There is nothing special in JXTA as far as the certificates and PKI are concerned. You can and should take advantage of all the existing PKI technologies, infrastructures and good practices to manage the security in JXTA.