Peer Networking Security Model


Security for the Peer Networking platform is achieved through self-signed X.509 certificates. Using self-signed certificates eliminates the need for a certificate authority to issue a certificate to each user in a network. This eliminates the cost (both monetary and time) associated with acquiring an X.509 certificate from a commercial certificate authority, but it is not without its drawbacks. The main drawback of self-signed certificates is that they have weak identity, i.e. no one has vouched that the owner of the certificate is who he claims to be (which is what you pay a commercial CA for: they vouch that the owner of the certificate is the person they claim to be). The same is true for all self-signed methods such as PGP: verification of the identity of the certificate owner is up to you. However, once you trust that the certificate is valid, no other party can claim to be the owner of that certificate.

Since each user and group in the Peer Networking platform essentially acts as a certificate authority, chains of trust can be built, allowing more advanced semantics such as group membership (a group must only use its certificate to sign those of its members) and delegated authority (a user/group can allow others to use its name by signing their certificates).

That is the basic view of how Peer Networking uses X.509 for security. If you want a more precise overview, the Peer Networking whitepaper is for you! You can find it at http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/p2pintro.mspx

More later!

Tripp

 

 

Comments (4)

  1. Douglas says:

    Tripp,

    With the PDC and WinHEC shows from the past, it shows a managed component for the P2P platform coming.

    Is there any picture of when this will occur? I know it can be done now using the current APIs, but I am not in that domain.

    Looking forward to the managed platform. Any chance it will be coming with the Indigo preview, in late Feb, early March?

  2. Tripp says:

    Managed components are still in plan, but I don't know the exact dates they are shipping. I will try to find out and post an update.

    Tripp

  3. Jason says:

    Are there any widely available applications out there besides ‘three degrees’ that use this API?