Florent Daigni?re wrote: > Go ahead and suggest something that works then :)
OK, here's my suggestion: 1. Remove the address and port from the current ref 2. Call what remains (crypto parameters, public key etc) the "long ref" 3. The address, port, and the hash of the long ref form the "short ref" 4. The short refs (38 bytes) are exchanged out of band 5. Obfuscation key = hash (A's short ref, B's short ref, nonce) 6. The long refs are exchanged during obfuscated JFK (in the ID_I and ID_R fields of messages 3 and 4) 7. Before completing JFK, the long refs are verified by hashing them and comparing the hashes contained in the short refs Cheers, Michael
