Henry Hemming wrote: > > > > > If Alice doesn't know Bob's IP address she queries some other node and > > > > verifies that the response (which would include Bob's complete public > > > > key and current IP address) has been signed by Bob. > There needs to be additional security here, otherwise everyone who share > the same ip range can pretend to be each other easily. Perhaps a some kind > of random string or timestamp included in message to make it onetime or > atleast short lived.
How? Bear in mind that the unique identifier for a node is its public key (or some representation of it such as a fingerprint). If Mallory shows up on Bob's old IP address, she can only pretend to be Bob if she knows Bob's private key. -- zem at zip.com.au F289 2BDB 1DA0 F4C4 DC87 EC36 B2E3 4E75 C853 FD93 zem.squidly.org "..I'm invisible, I'm invisible, I'm invisible.." _______________________________________________ Freenet-dev mailing list Freenet-dev at lists.sourceforge.net http://lists.sourceforge.net/mailman/listinfo/freenet-dev
