On Sunday 18 November 2007 12:03, Michael Rogers wrote:
> Matthew Toseland wrote:
> > The pubkey itself for an SSK cannot be encrypted as a node forwarding an SSK
> > has to be able to verify the signature. The data of course is encrypted...
> > but if we use the same pubkey for connection setup, we are giving away a lot
> > of information.
>
> True. We could use the hash of the entire ARK key (including the secret
> part) to generate the obfuscation key - that way a node handling the ARK
> request won't be able to de-obfuscate the handshake.

We could, but this would not help us with short-refs, as we'd have to ship both the pubkey and the secret decryption key, hence 64 bytes (bad!).
