> -----Original Message----- > From: Matt Mahoney via AGI [mailto:[email protected]] > > Peers need to know when two messages are from the same source. If a peer > earns a reputation for being a reliable source of information (like Google or > your bank), then malicious peers will try to spoof messages from them. To > prevent this, peers sign their messages using a mutually agreed secret key > chosen at random. After an initial exchange (using e.g. Diffie-Hellman), I > send you a message and a signature like SHA256(message + key). You receive > the message, compute the signature, and compare it to the signature that I > sent you. Since nobody else knows the key, and the hash is not invertible, you > know the message must have come from me. >
Well, that's the same as using HTTPS or another application layer protocol over TLS/SSL with certificates signed by a certificate authority no? Though in your communications protocol you control the signing and encryption algorithm and everyone need not get a CA signed cert I suppose. John ------------------------------------------- AGI Archives: https://www.listbox.com/member/archive/303/=now RSS Feed: https://www.listbox.com/member/archive/rss/303/21088071-f452e424 Modify Your Subscription: https://www.listbox.com/member/?member_id=21088071&id_secret=21088071-58d57657 Powered by Listbox: http://www.listbox.com
