> solved by a full scale PK solution. I agree with Hal that it would be better to
> get simple encryption of node to node communication in there for now, because
> that is something we can realistically achieve. The node does not limit who it
> talks to right now anyways, so there is nothing to authenticate.

I'm not talking about authenticating so much as encrypting the key exchange so that man in the middle attacks don't work. You'd then have to be a man in the middle who knows the public key for the system. This isn't all that secure, but more secure than exchanging the keys in the open, and better for keeping Freenet nodes from being detected than having them speak Freenet protocol in the open.

However, I agree that there are two separate encryption layers here. So we should go ahead and implement the first layer which requires key/cipher negotiation via handshake messages.

So what we need to decide on is what to call the fields in the handshake messages. The way I think it should work is that the handshake requester specifies what encryption methods it would like (in order of preference?) and the handshake reply specifies a single encryption method to use.
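
The negotiation proposed in the message above, sketched as an added example (not part of the original post and not Freenet's code): the requester lists methods in preference order, the responder picks one, and the requester checks that choice against its own offer. The field names `Ciphers` and `Cipher` are hypothetical, since the thread had not named them yet, and the method names in the usage are constructed sample values.

```python
# Hypothetical field names; the thread had not settled on any.
OFFER_FIELD = "Ciphers"   # requester -> responder, comma-separated, most preferred first
CHOICE_FIELD = "Cipher"   # responder -> requester, exactly one method


class NegotiationError(Exception):
    """Raised when the two sides cannot agree on a method."""


def build_request(preferred):
    """Requester: advertise supported methods in order of preference."""
    if not preferred:
        raise NegotiationError("requester must offer at least one method")
    return {OFFER_FIELD: ",".join(preferred)}


def build_reply(request, supported):
    """Responder: pick the first offered method it also supports."""
    raw = request.get(OFFER_FIELD, "")
    offered = [m.strip() for m in raw.split(",") if m.strip()]
    for method in offered:
        if method in supported:
            return {CHOICE_FIELD: method}
    raise NegotiationError("no encryption method in common")


def accept_reply(reply, preferred):
    """Requester: accept only a single method that it actually offered."""
    choice = reply.get(CHOICE_FIELD, "")
    if choice not in preferred:
        # A reply naming something we never offered (or nothing at all) may
        # have been altered in transit; fail closed instead of falling back.
        raise NegotiationError("reply names a method that was not offered: %r" % choice)
    return choice


def negotiate(preferred, supported):
    """Run both sides of the exchange and return the agreed method."""
    request = build_request(preferred)
    reply = build_reply(request, supported)
    return accept_reply(reply, preferred)


if __name__ == "__main__":
    # Constructed sample: requester prefers rijndael, responder lacks it.
    print(negotiate(["rijndael", "twofish"], {"twofish", "blowfish"}))
```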
