Cutlass Developers' Journal

I just wanted to assure people that despite the recent quiet, the project is not dead. I’m in a mode where I’ve been working on features that I’m not going to release until there’s a certain amount of polish there. Expect to see something within the next couple of months. (Licensing and overall project philosophy will be unchanged).

The blog may continue to be quiet until then, however. I’m not quite in a publicity hound kind of mood right now.

as a side note, I did run into some Cutlass users at ToorCon recently, which I was glad to see.

Today is the day that the patent for blind-signatures, by David Chaum expires. I recently reread Crypto Anarchy, Cyberstates, and Pirate Utopias, and I’m struck at how far off the dreams of cyberspace as a free haven for transactions are from the reality of today.

We’ve done pretty well at providing an environment where free speech can flourish, not so well at providing an environment where private speech can flourish (although we’re still working on that), but we’ve been completely incompetent at providing an environment where private economic transactions can flourish. And it’s not a technical problem, it’s a legal problem.

Take the classic idealized ecash. Outsiders can’t determine who paid who, and potentially, recipients can’t identify the individual that paid them. You’ve just described a money-laundering machine. And the government currently forbids people to even hook up to a money laundering machine, even if the transactions that take place are as innocent as the purest snow. We won’t have real ecash (anonymous ecash, that protects privacy at least as well as paper cash) until the laws change.

You’ll forgive me if I don’t hold my breath on that one.

(Cross posted to Perpetual Rambling)

It’s been quiet on the blog recently, partially because there’ve been no new features added for a bit. Instead, it seems like every day is porting day!

We’ve been working on getting the windows port of Cutlass to work, and it seems like we’re only a step away. Of course, I’ve been thinking that for the past week, only to find out that I didn’t know what I didn’t know, so to speak.

I do think we’re getting close, though.

We also hammered out a proposal for the new handshaking protocol this past sunday, which I’ll post shortly.

The Recon organizers have now posted all the presentations from that conference. There were a lot of good talks there, so it’s well worth checking out. Videos will supposedly be coming (for free!) in September.

Well, the Grokster ruling from the supreme court is in, and regardless of what I’d hoped, feared, or otherwise, it is what it is. We all have to live with it now. Thankfully, it doesn’t seem to change my plans for Cutlass in any major ways.

Essentially, the court ruled that if I intend for you to violate copyright with my software, I am partially liable for your copyright infringement. Now establishing that intent is somewhat sticky, and there will likely be much legal wrangling over where a court can draw that line. (Hopefully the burden of proof will lie with the plaintiff, but I’m not going to hold my breath on that one).

So, here I declare, publically, by all that I hold dear, please don’t use Cutlass for copyright infringement. Seriously. You’re pissed at the RIAA? Get your music somewhere else! I’ve had people in all honesty tell me that:
1: They were pissed that Metallica was going after Napster
2: That P2P actually helped music sales, as awareness of bands contributed to overall band revenues
3: That they were so pissed, that they were going to go download a bunch of Metallica MP3s.

Err, hello? 1 and 2 I agree with, but 3 does not follow. If you really believe that P2P helps bands (as I do), and that you’re pissed off at a band (as I have been), the solution is to go find alternatives, who actually want their music to be heard, and go download their songs, and perhaps even buy an album or see a show.

If you want to know where to go to find Free Culture, Downhill Battle has a good collection of links at the bottom of the page.

Cory Altheide from the SANS Internet Storm Center posted a review of several presentations at Recon, including mine.

Thanks for the link!

I’m in Michigan for a wedding this weekend, so it’s been a slow zone for coding. I fixed a couple of bugs in the transport layer that were causing channel leaks (where channels would transmit all their data, but never free up), and I also removed some redundant code in channel initiation.

I also noticed that the new page didn’t have directions as to how to get anonymous subversion access to the latest checkins. Oops. It’s now a link up in the “Download Cutlass” box on the left.

So, we’re going to revise the handshaking protocol. It was under revision already, to support negotiation of crypto primitives, but I realized we had some additional requirements for NAT, and some people at Recon mentioned DoS resiliance as something that should be addressed up front. So, I figure we should take a step back, look at what other requirements we should address, and hopefully get the handshaking protocol stable so we can focus on other things, rather than have it be a moving target.

In some situations where we are NAT punching, we’ll be issuing initiation packets from both sides. If we’re doing that, we need a way to clean up the state so that we can sync up and complete handshaking by determining who becomes the initiator and who becomes the initiatee.

While we’re at it, we ought to harden handshaking to DoS attacks, and make the protocol capable of cipher primitive negotiation. And, hey, let’s clarify how the protocol tears down cleanly as well, so we can lose the quick-disconnect-restart class of bugs as well.

So, the following is a proposed set of requirements for the handshaking protocol. Feel free to propose additions or deletions to them:

- Cutlass must offer the ability to not answer to remote scanners that do not have a preshared secret
- Cutlass must not allow network observers to distinguish between an initial key exhange (where both sides do not know the other’s public keys), and subsequent key exchanges (where both sides are merely verifying the other’s public keys).
- Cutlass must offer the ability to exchange previously unknown public keys, offering usability no worse than that of ssh.
- Cutlass must require that initiators perform expensive computations before initiatees perform expensive computations
- Cutlass must require that the initiator prove receipt of initiatee information before the initiatee performs and expensive computations
- Cutlass must allow both sides to initiate connections simultaneously, over identical port pairs, and still be able to select disparate roles for each side (”initiator” and “initiatee”).
- Cutlass must allow one side to drop, and reconnect over identical port pairs, and still be able to take sensible action (Do we want to require the ability to renegotiate? Can we better define “sensible?”)

Now, I’m thinking that a great way to detect a potential drop-reattach situation is to have an undersized initiation packet. Since it’s hard right now to detect the difference between an invalid checksum and a reconnection attempt, if we detect a short packet, we could interpret that as a reconnection attempt.

How to prevent people from turning that into a DoS? We could start holding incomplete connections in a kind of kex purgatory, rather than in the connection hashtable proper. (This also makes it easier to allocate smaller amounts of memory until full handshake completion).

So once we detect a short packet of the proper format (whether or not we have an open connection), we can open a purgatory entry. From then on, incoming packets on that port pair get checked first to see if they kex properly. If they do, then we kill the purgatory connection.
If not, then we drop them down to the handshaking code to see if it can make sense of it. If we renegotiate a connection over the same port pair with the same public key, then we update the ephemeral keys and go forward from there. If it’s a different public key, tell the other side to kindly shove off.

A new code rev is in, 545, which fixes some old bugs with info propogation (Only one connection was getting updates to things like file server status, which was really irking since I’ve added the ability to switch that status on the fly), and new bugs with the directory server.

I’ve also stubbed out some calls for the ALSA module. I ran into two sets of audio problems at Recon, one involving a failure in the ALSA-OSS compatibility layer. Since those bugs are out of my control, I figure I’d better write a native ALSA driver to avoid them.

The other bug I suspect is an instability introduced with some new code in 543 intended to prevent race conditions. I’ll certainly have to fix those before I roll an 0.3 tarball (which I’d like to do, it’s been rather a while).

The updated slides for the Recon 2005 presentation are now online. It’ll show up on the Recon site as well, shortly, but you got it here, first!