Peer Networking Security Model

Security for the Peer Networking platform is achieved through self-signed X.509 certificates. Using self-signed certificates eliminates the need for a certificate authority to issue a certificate to each user in a network. This eliminates the cost (both monetary and time) associated with acquiring an X.509 certificate from a commercial certificate authority, but it is not without its drawbacks. The main drawback of self-signed certificates is that they have weak identity, i.e. no one has vouched that the owner of the certificate is who he claims to be (which is what you pay a commercial CA for: they vouch that the owner of the certificate is the person he claims to be). The same is true for all self-signed methods such as PGP: verifying the identity of the certificate owner is up to you. However, once you trust that the certificate is valid, no other party can claim to be the owner of that certificate.

Since each user and group in the Peer Networking platform essentially acts as a certificate authority, chains of trust can be built, allowing more advanced semantics such as group membership (a group must only use its certificate to sign those of its members) and delegated authority (a user/group can allow others to use its name by signing their certificates).
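The group-membership check described above, as an added example that is not code from the Peer Networking platform: it uses Go's standard `crypto/x509` package instead of the Windows Peer Networking API, and the names `issue`, `isMember`, `constructed-group` and `alice` are constructed for illustration. A certificate counts as a member only if it chains to the one group certificate the verifier has decided to trust, so a self-signed certificate carrying the same name is rejected.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a certificate for name; a nil parent yields a self-signed one.
func issue(name string, usage x509.KeyUsage, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: usage, IsCA: usage&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true,
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed: the subject is its own issuer
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// isMember reports whether cert chains to the one group certificate the caller trusts.
func isMember(cert, group *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(group) // trust is pinned to this certificate, not to any public CA
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

func main() {
	group, groupKey := issue("constructed-group", x509.KeyUsageCertSign, nil, nil)
	member, _ := issue("alice", x509.KeyUsageDigitalSignature, group, groupKey)
	impostor, _ := issue("alice", x509.KeyUsageDigitalSignature, nil, nil) // same name, not signed by the group
	fmt.Println(isMember(member, group), isMember(impostor, group))
}
```

Deciding that the group certificate itself is authentic still happens out of band, which is the weak-identity trade-off of self-signed certificates.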

That is the basic view of how Peer Networking uses X.509 for security. If you want a more precise overview, the Peer Networking whitepaper is for you! You can find it at https://www.microsoft.com/technet/prodtechnol/winxppro/deploy/p2pintro.mspx

More later!

Tripp