On Tue, 30 Jul 2013, Alan Robertson wrote:

post on Assimilation message formats - what they are, how they work and
why they work that way:
       http://bit.ly/13Vro4U

reading:

SignFrame - Digital Signature - currently not cryptographically secure (that's coming)

and yet:

communication between endpoints can consist of only a handful of packets every few months - or even every few years. By design, silence is the norm

... so there is the problem of either needing to do long lived advanced keying (not desireable, and still rots / expires), or to be able to consult a CA (and CRL) on the fly, to know if a given transaction should be trusted. As it is UDP, we are not able to do DH key exchange to get a smaller session key, and will have to use long keys

A UDP packet, under normal curcumstances is probably less than an MTU long --- call it 1.5k

Is there really room in that specification of: Assimilation Message Formats for a payload, possibly with the overhead of a compression lookup table, and a cryptographic oversign?

just thinking this through, but this seems like a protocol design problem, when we get to implementation time

-- Russ herrold
_______________________________________________
Assimilation mailing list - Discovery-Driven Monitoring
[email protected]
http://lists.community.tummy.com/cgi-bin/mailman/listinfo/assimilation
http://assimmon.org/

Reply via email to