On Wed, Aug 16, 2000 at 01:07:19PM -0500, Scott G. Miller wrote:
> The fingerprint would be attached to the address, and there would be a
> field in HandshakeRequest that would request the public key if Alice
> didn't have Bob's key. Bob would return the HandshakeReply including the
> public-key field. Alice verifies the fingerprint, and they go about their
> merry way.
>
> In addition, the authentication would probably be in
> HandshakeRequest/Reply as well. (some sort of challenge/response system).

My concern with this is that we are adding extra latency rather than using the system to cut down on it. I'm worried about the time it takes per hop as it is - I would almost consider sacrificing forward security if it means we can save the seconds the key exchange takes. Of course, maybe caching session keys for several connections is a better idea.

Another detail we should consider in the final crypto system is making it possible to run an invisible node - i.e. one that comes alive only when it gets a signed request from a recognized peer. Such a node should be able to masquerade as another service while waiting for the authentication.

>
> Scott
>

-- \oskar
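The fingerprint check from the quoted proposal, as an added example that is not part of the original thread or of Freenet's code: the initiator asks for the public key only when it has no verified copy, and accepts a returned key only if it hashes to the fingerprint carried in the address. SHA-256, the `Initiator`/`Responder` classes and the byte-string keys are assumptions, and the challenge/response authentication step is left out.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

def fingerprint(public_key: bytes) -> str:
    # Assumption: SHA-256 over the encoded key; the thread names no hash.
    return hashlib.sha256(public_key).hexdigest()

@dataclass
class HandshakeRequest:
    want_public_key: bool  # set only when the initiator has no verified key

@dataclass
class HandshakeReply:
    public_key: Optional[bytes]  # present only when it was requested

class Responder:  # "Bob" (hypothetical class)
    def __init__(self, public_key: bytes):
        self.public_key = public_key
        self.keys_sent = 0

    def handle(self, req: HandshakeRequest) -> HandshakeReply:
        if not req.want_public_key:
            return HandshakeReply(None)
        self.keys_sent += 1
        return HandshakeReply(self.public_key)

class Initiator:  # "Alice" (hypothetical class)
    def __init__(self):
        self.verified: Dict[str, bytes] = {}  # fingerprint -> verified key

    def handshake(self, address_fp: str, peer: Responder) -> bytes:
        cached = self.verified.get(address_fp)
        reply = peer.handle(HandshakeRequest(want_public_key=cached is None))
        if cached is not None:
            return cached
        if reply.public_key is None:
            raise ValueError("peer did not return the requested public key")
        # The address is the trust anchor: reject any key that does not hash to it.
        if not hmac.compare_digest(fingerprint(reply.public_key), address_fp):
            raise ValueError("public key does not match address fingerprint")
        self.verified[address_fp] = reply.public_key
        return reply.public_key

# Constructed sample keys (opaque bytes standing in for real encoded keys).
BOB_KEY = b"constructed-bob-public-key"
OTHER_KEY = b"constructed-substituted-key"
BOB_ADDRESS_FP = fingerprint(BOB_KEY)
```

Once a key has been verified, later handshakes to the same address skip the public-key field entirely, so the key transfer is paid only on first contact.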
