hal at finney.org wrote:
> I agree, we don't want to rely on obscurity. But that is what you are
> doing if you are afraid of putting the initial DH request message in
> some kind of plainly readable form. Doing a binary DH exchange adds no
> more security than doing a textual one. At most it adds some obscurity.
>
> Any attacker who has more than idle curiosity about whether you are
> running a Freenet node can simply use his own node-compatible software
> (perhaps a slightly patched Freenet node) to query you himself. I don't
> see that using a binary exchange format adds any significant security for
> cases where you care enough about security that encryption is important.

It is true that that won't stop someone from finding if you in particular are running a Freenet node. But something along these lines is still useful to make it much more difficult for an upstream provider to find out if any of its users are running Freenet nodes. With a textual announcement you can trawl through all your traffic looking for "Freenet v1.0 DH KeyExchange", instead of having to scan each port on each of your users trying to Freenet handshake.

theo
