I have been skeptical of the idea of using SSL for future encrypted Freenet
connections, because I think there are other highly favorable features, such as
nodes that only accept and make connections to nodes they know are trusted, or
even web-of-trust type systems within the network, which I guess would require
that we have our own key management (or even dictate how it works) for node
authentication even beyond encrypting the streams. Of course I don't know much
about SSL, so maybe this is all possible within its framework.

And what is the Freedom situation with SSL? It uses RSA which will be free in a
few months, but what about the symmetric ciphers?

Of course we should be wary of a "do it ourselves" attitude to security, since
it is by far the most difficult field to get right - but on the other hand I
would rather it took us longer to do things right than that we compromise the
intentions of the system to cram it into existing standards (as per my rejection of
using HTTP).

On Wed, 12 Apr 2000, Ian Clarke wrote:
> > Yes, but the latter is much easier to do.  Simply write a thingy that
> > lets you specify rewrites for outgoing connections, and you can use
> > a program like stunnel to provide the SSL, avoiding having to do the
> > crypto yourself.
> 
> The last time we discussed this, the main obstacle was that I really
> didn't want to bundle an entire encryption package with Freenet, when we
> would only be using a small fraction of its functionality (Cryptix was
> suggested on several occasions).  I would much rather use some code
> which did what we needed it to do, no more, and no less (much like the
> SHA1 class which is used by Freenet already - it's small, neat, and does
> what we need and no more).
> 
> I think we should choose an encryption mechanism, and then find or write
> some simple Java code which does it.  We will obviously do this in such
> a manner that the encryption mechanism can be upgraded in future, but
> for the moment we will stick with one.
> 
> Ian.
> 
> _______________________________________________
> Freenet-dev mailing list
> Freenet-dev at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/freenet-dev
-- 

Oskar Sandberg

md98-osa at nada.kth.se

#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
