Point 1 & 3 should be excluded. Why bother with high strength crypto like curve when it's easy to generate forged certificates in the first place?
2 needs to be analysed a bit more. I think Git does something very similar but in that case it's probably to guard against repo corruption not determined attackers. On Oct 17, 2013 12:22 AM, "Pieter Hintjens" <[email protected]> wrote: > http://en.wikipedia.org/wiki/Public_key_fingerprint is relevant and > describes the use case and vulnerabilities accurately. > > We have, I think, three options: > > - MD5 fingerprinting, with the risk of collisions > - a more secure hash, which we must truncate to fit the use case, e.g. > first 6 bytes of SHA512 hash > - no fingerprinting at all > > -Pieter > > > On Wed, Oct 16, 2013 at 3:08 PM, T. Linden <[email protected]> wrote: > > On Wed, Oct 16, 2013 at 01:59:54PM +0200, Pieter Hintjens wrote: > >> However I'm not convinced we can ignore manual verification. If I send > >> you my public key and then call you to check whether you got it, how > >> are you going to tell me what you got? > > > > Well, that's an argument. > > > > Then what about some kind of id? Something like PGP is using, e.g.: > > 0xA8960B17? I've got no clue how it's computed but such a key-id is > > short enough for user verification. > > > > > > > > regards, > > Tom > > > > -- > > PGP Key: https://www.daemon.de/txt/tom-pgp-pubkey.txt > > S/Mime Cert: https://www.daemon.de/txt/tom-smime-cert.pem > > Bitmessage: BM-2DAcYUx3xByfwbx2bYYxeXgq3zDscez8wC > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > _______________________________________________ > > zeromq-dev mailing list > > [email protected] > > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > > > > -- > - > Pieter Hintjens > CEO of iMatix.com > Founder of ZeroMQ community > blog: http://hintjens.com > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev >
_______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
