Tony, I realized what you are explaining. It's impossible to decode the certificate without the sender's public key anyhow, so it has to be sent in clear.
So this brings us to a public key format which is Box [metadata](C'->S), where C and the nonce used are clear-text headers. And then the fingerprint is entirely redundant since it's easy to verify C in the header. Thanks...! -Pieter On Thu, Oct 17, 2013 at 3:21 AM, Tony Arcieri <[email protected]> wrote: > On Wed, Oct 16, 2013 at 6:06 PM, crocket <[email protected]> wrote: >> >> A digest might save network bandwidth in exchange for more CPU usage. > > > No, you cannot perform Curve25519 scalar multiplication without the full > public key. And again, we're talking about 256-bits here. The reason key > fingerprints exist in the first place is because secure RSA public keys are > 2048+ bits > > -- > Tony Arcieri > > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > -- - Pieter Hintjens CEO of iMatix.com Founder of ZeroMQ community blog: http://hintjens.com _______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
