Permanent passwords =================== We could make IP + password play the same role as noderefs do now. They must be exchanged in both directions, but if you have both passwords you can initiate a connection and noderefs will be exchanged. This should be a reasonably simple protocol: Just send a packet which includes proof that you have both passwords (a hash), and a random nonce for crypto setup.
This is no more work than out of band verification. However, you cannot broadcast your IP + password and wait for people to contact you, which is a distinct advantage in out of band verification: All contacts must be arranged strictly in advance. And it's not very newbie friendly either. Dependancies ------------ UP&P isn't necessary if the exchange is conducted in real time. If it is almost-real-time then UP&P may be helpful. Attacks ------- If the attacker can guess both passwords he can MITM, identify traffic, etc. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20070306/7e72aedb/attachment.pgp>
