Ian Clarke writes:
> The simple answer is that a message posted to an SSK *is* signed,
> hence the name "Signed Subspace Key". You can be assured that a
> message posted under an SSK was inserted by the person who has the
> private key corresponding to the public key embedded in the SSK.

Actually, you're missing the point.

> To solve FMB's current problem, all you have to do is make FMB flag
> messages that are being rebroadcasted, as opposed to those authored
> by the owner of the SSK - and preventing a flagged message from
> being used to verify the authenticity of an actual message.

This is how it works now. The problem is this: FMB caching is vulnerable to people tampering with messages and rebroadcasting them. It's ESPECIALLY vulnerable to spoofing, since it's quite likely an old message won't be retrievable, so you can piggyback a bogus message for them under your valid message. When people try to compare, they'll get a DNF. A DNF doesn't prove that it never really existed, just that it doesn't now, or you can't reach it. That's why the rebroadcasting happens, so messages have multiple paths to you. Reliability, and all that crap.

Correct answer is to use the same primitives to digitally sign each message so when someone rebroadcasts they send your signature as well. This way the original is doubly-assured (Signed, and inside a signed SSK packet). It was something I intended to do but haven't, since my FMB has completely quit working. Ripping the relevant Java ciphers out of fred and using them in FMB isn't a very long project, if anyone cares to take it up.

--Dan
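
The per-message signature proposed above, sketched as an added example (not FMB or fred code): the author signs the body, a rebroadcaster forwards that signature inside its own signed wrapper, and the receiver checks the two signatures separately. Ed25519 from the Go standard library stands in for the Freenet primitives the post refers to, and all type and function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Message is what the author posts: body plus the author's own signature.
type Message struct {
	Author ed25519.PublicKey // stand-in for the public key in the author's SSK
	Body   []byte
	Sig    []byte // author's signature over Body
}

// Rebroadcast is a cached copy re-inserted under the relayer's own key.
type Rebroadcast struct {
	Relayer  ed25519.PublicKey
	Inner    Message
	OuterSig []byte // relayer's signature over the encoded inner message
}

// encode is unambiguous because Author and Sig have fixed lengths.
func encode(m Message) []byte { return bytes.Join([][]byte{m.Author, m.Sig, m.Body}, nil) }

func Sign(priv ed25519.PrivateKey, body []byte) Message {
	return Message{priv.Public().(ed25519.PublicKey), body, ed25519.Sign(priv, body)}
}

func Relay(priv ed25519.PrivateKey, m Message) Rebroadcast {
	return Rebroadcast{priv.Public().(ed25519.PublicKey), m, ed25519.Sign(priv, encode(m))}
}

// Verify checks the relayer's wrapper and the author's signature separately;
// only authorOK says who wrote Body, and it needs no fetch of the original.
func Verify(r Rebroadcast, author ed25519.PublicKey) (relayOK, authorOK bool) {
	relayOK = len(r.Relayer) == ed25519.PublicKeySize &&
		ed25519.Verify(r.Relayer, encode(r.Inner), r.OuterSig)
	authorOK = len(author) == ed25519.PublicKeySize && bytes.Equal(r.Inner.Author, author) &&
		ed25519.Verify(author, r.Inner.Body, r.Inner.Sig)
	return
}

func main() { // constructed keys (fixed seeds) and constructed messages
	author := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, 32))
	relayer := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, 32))
	pub := author.Public().(ed25519.PublicKey)
	msg := Sign(author, []byte("original post"))
	fmt.Println(Verify(Relay(relayer, msg), pub)) // honest rebroadcast
	msg.Body = []byte("bogus post")
	fmt.Println(Verify(Relay(relayer, msg), pub)) // altered body, wrapper still valid
}
```

The second case is the one the post describes: the relayer's wrapper verifies even though the body was altered, so only the forwarded author signature exposes the change.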