Security through obscurity? I can see where you're going with this, but public keys are not secure and relying on them being secret makes the design a bit flaky. It's only a matter of time once a target is established. Public keys are the least of worries.

--
Justin Cook

Sent from a mobile device
From: Pieter Hintjens
Sent: Wednesday, 16 October 2013 19:31
To: ZeroMQ development list
Reply To: p...@imatix.com
Subject: Re: [zeromq-dev] Proposal for ZeroMQ certificate format

I tried to explain the use cases in my article. The goal is to send my public key to you without leaking the fact. It is asymmetric. Your public key is well known but mine is not. It is a CurveZMQ use case. Anonymous clients and public servers.

Pieter

On Oct 16, 2013 8:23 PM, "Tony Arcieri" <basc...@gmail.com> wrote:
On Wed, Oct 16, 2013 at 9:57 AM, Laurent Alebarde <l.aleba...@free.fr> wrote:
> Please, keep the public key secret.

This is where you really need to take a step back and look at the threat model.

Keep the public key secret from whom? You can't keep it secret from
someone who wants to perform a Diffie-Hellman handshake, since it's
one of the operands of Curve25519 scalar multiplication.

What is the use case for verifying the authenticity of the public key
in which you would also like to keep the public key secret?

--
Tony Arcieri
_______________________________________________
zeromq-dev mailing list
zeromq-dev@lists.zeromq.org
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
