> But you can't just start speaking encrypted gibberish right away. There > has to at least be a key exchange first. =)
Sure you can. PGP starts speaking gibberish right away. The key exchange has to be encrypted anyway or else there's all that nasty man in the middle attack stuff to deal with. There needs to be some way that you can specify that a node you're connecting to is using a specific algorithm and that you already know the key. In such situations you can just be spouting a bunch of seeming random gibberish and it will be very hard for listeners to figure out what is going on. but there should also be options for cipher negotiation. That part can be done with messages, handshakes probably. In a really nice setup you'd be able to include a tiny key with the address to the node. The key would only have to be big enough to outlive the key negotiation. You could encrypt with the initial key and use the encrypted connection to negotiate ciphers and keys. Since you have to include the initial key with the address, you might as well include the cipher as well. Cipher and key negotiation can still occur, but you need an initial cipher and key to start with. If the node changes what cipher it uses or what key it uses, you'll have to find a new reference for it. But the same is true if it switches IP addresses and cipher changing will be less frequent in many cases. And of course you don't have to make the address you distribute an encrypting one, you can make it a plain connection and then do cipher negotiations via handshake in the open, but it's probably a bad idea in terms of security. _______________________________________________ Freenet-dev mailing list Freenet-dev at lists.sourceforge.net http://lists.sourceforge.net/mailman/listinfo/freenet-dev
