Matthew Toseland wrote: >> True. We could use the hash of the entire ARK key (including the secret >> part) to generate the obfuscation key - that way a node handling the ARK >> request won't be able to de-obfuscate the handshake. > > We could, but this would not help us with short-refs, as we'd have to ship > both the pubkey and the secret decryption key, hence 64 bytes (bad!).
The shorter the better, no argument there. Here's how I see the tradeoff: short refs are 38 bytes and don't have to be kept secret; ARK refs are 70 bytes and do have to be kept secret (because of the decryption key), but they give us the ability to retrieve the ARK via Freenet if a direct connection fails. In theory we could have both; in practice I doubt most users will understand the difference. Personally I think short refs are the way to go, but it's your call. Cheers, Michael
