On Sat, 29 Apr 2000, Brandon wrote:

<snip>

> I'm not talking about authenticate so much as encrypting the key exchange
> so that man in the middle attacks don't work. You'd then have to be a man
> in the middle who knows the public key for the system. This isn't all that
> secure, but more secure than exchanging the keys in the open, and better
> for keeping Freenet nodes from being detected than having them speak
> Freenet protocol in the open.

The "man in the middle" attack that we are talking about is simply you talking to something else than the node you think you are talking to. To authenticate means to check who you are talking to, and that that is who you expect it to be. Obviously, stopping this "man in the middle attack" is the same as authenticating who you are talking to.

The obvious authentication method, and this is possibly what you mean, is to pass a fingerprint/hash of the PK along with the Address, so that it looks like this:

tcp/123.45.67.89:50001|98ABDFC4CE9973CC498DD9A24E4FE9F37B2609E8

Using that, you can check if the PK sent back actually is that of the node that set the DataSource in the Request you got the reference from. However, you still don't know whether that is good, or bad, or whatever, so I'm not sure exactly how valuable this is.

> However, I agree that there are two separate encryption layers here. So we
> should go ahead and implement the first layer which requires key/cipher
> negotiation via handshake messages. So what we need to decide on is what
> to call the fields in the handshake messages.
>
> The way I think it should work is that the handshake requester specifies
> what encryption methods it would like (in order of preference?) and the
> handshake reply specifies a single encryption method to use.

I don't want to use the handshake for the encryption negotiation. I want to keep this outside the message protocol and part of the carrier. The message passing protocol just assumes it has an outputstream from its computer that goes into the next. No need to complicate things there.

You make things a lot more complicated as well, because if you use the handshakes from crypto negotiation, then you have to be able to change the crypto in the middle of a connection, whereas otherwise you can just decide that the negotiation is done when the line is set up and think no more of it.

> _______________________________________________
> Freenet-dev mailing list
> Freenet-dev at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/freenet-dev

--
Oskar Sandberg
md98-osa at nada.kth.se

#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
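
The fingerprint check described in the message above, as an added example that is not part of the original post or of Freenet's code. It assumes the 40 hex digits are a SHA-1 digest of the encoded public key (the message does not name the hash); the function names and the sample keys are hypothetical.

```python
import hashlib
import hmac
import re

# Assumed reference layout, taken from the example in the message:
#   <transport>/<host>:<port>|<40 hex digits>
REF_RE = re.compile(
    r"^(?P<transport>[a-z]+)/(?P<host>[^:|/]+):(?P<port>\d{1,5})"
    r"\|(?P<fp>[0-9A-Fa-f]{40})$")


class KeyMismatch(Exception):
    """The key presented on the connection does not match the reference."""


def parse_reference(ref):
    """Split a reference into (transport, host, port, fingerprint bytes)."""
    m = REF_RE.match(ref.strip())
    if m is None:
        raise ValueError("malformed node reference")
    port = int(m.group("port"))
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return (m.group("transport"), m.group("host"), port,
            bytes.fromhex(m.group("fp")))


def fingerprint(public_key):
    # Assumption: SHA-1 over the encoded key, chosen only because the
    # fingerprint shown in the message is 160 bits long.
    return hashlib.sha1(public_key).digest()


def check_presented_key(ref, presented_key):
    """Return (transport, host, port) if the key received while the line is
    set up hashes to the fingerprint in the reference; raise otherwise."""
    transport, host, port, expected = parse_reference(ref)
    # Constant-time comparison of the two digests.
    if not hmac.compare_digest(fingerprint(presented_key), expected):
        raise KeyMismatch("key does not match fingerprint for %s:%d"
                          % (host, port))
    return transport, host, port


# Constructed sample data: both keys are placeholder byte strings.
NODE_KEY = b"constructed-public-key-of-referenced-node"
OTHER_KEY = b"constructed-public-key-of-interposed-party"
SAMPLE_REF = "tcp/123.45.67.89:50001|" + fingerprint(NODE_KEY).hex().upper()
```

A successful check only shows that the presented key is the one named in the reference; as the message notes, it says nothing about whether that node is good or bad.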
