On Thu, Oct 17, 2013 at 7:33 PM, Tony Arcieri <[email protected]> wrote:
> Nice, glad we're clear now ;)

We're not quite finished. There's a confusion (also for me) between the public key used for encrypting the certificate content, and the public key provided in the content itself. These are two separate layers (if you look at my proposal).

There's an opaque content, which may be a public key. Then there's encrypting that for the recipient, which we'd do using Curve25519 and Box [content](sender->recipient).

It means the sender and recipient may have Curve25519 public keys explicitly for sending and receiving certificates. They might use their CurveZMQ keys. Or not. Thus the CurveZMQ key can be kept secret. And we can do verification using a 32-byte value, which is still large but doable.

-Pieter
