If you authenticate nodes and the algorithm used to authenticate is broken, then obviously all links you have that you expect to authenticate using that algorithm will be broken too. It doesn't matter whether you make the public key part of the address or if you share it some other way; when you can no longer trust the algorithm, you can't authenticate anyways.

I think that having the public key (or rather a hash of it - less chars make node addresses more manageable for initializing nodes and the like) be part of the address is a good idea (it was what I was trying to suggest to Hal and Brandon yesterday) but I'm not sure it constitutes a full PK system. There isn't any real level of trust in there, but at least you know that it is actually the node that the other node wanted you to talk to.

On Sun, 30 Apr 2000, Ian Clarke wrote:
> > It seems to me to be quite undesirable and inflexible to make the
> > encryption method part of the address. For example, what if you have a
> > reference in your datastore from last year which points to:
> > twof:tcp/piclab.com:19114, but since then twofish has been broken and
> > everyone is using threefish now? Or if you have a node which supports
> > multiple encryption types you will have a messy proliferation of different
> > addresses for the same node, and you might end up using a weaker algorithm
> > than you have to. (e.g., Alice supports both DES and rot13, Bob only
> > supports rot13, so Bob's reference to Alice's node is
> > rot13:tcp/alice:19114; Chandler gets this reference from Bob, but even
> > though Chandler speaks DES he ends up speaking rot13 to Alice.)
>
> Hmmm, yes, I see your point. I guess we should not go with the
> public-key in address idea - but I still fail to see why people are
> saying inter-node encryption is so difficult to achieve.
>
> Ian.
>
> _______________________________________________
> Freenet-dev mailing list
> Freenet-dev at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/freenet-dev

--
Oskar Sandberg
md98-osa at nada.kth.se

#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
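
The two designs discussed in this thread, side by side, as an added example that is not part of the original message or of Freenet's code. The reference format tcp/host:port/fingerprint, the use of SHA-256, the function names and the key bytes are assumptions made for illustration.

```python
import hashlib
import hmac

# Preference order, strongest first. Cipher names come from the thread's example.
STRENGTH = ["DES", "rot13"]

def cipher_from_address(ref):
    """Design criticized in the thread: the stored reference pins the cipher."""
    return ref.split(":", 1)[0]

def negotiate(local, remote):
    """Pick the strongest cipher both ends support, decided per connection.
    (A real handshake must also authenticate this exchange.)"""
    common = [c for c in STRENGTH if c in local and c in remote]
    if not common:
        raise ValueError("no cipher in common")
    return common[0]

def fingerprint(pubkey):
    """Short hash of the public key, to keep node addresses manageable."""
    return hashlib.sha256(pubkey).hexdigest()[:16]

def make_ref(host, port, pubkey):
    """Hypothetical reference format carrying the key hash, not the cipher."""
    return f"tcp/{host}:{port}/{fingerprint(pubkey)}"

def connect(ref, presented_key, local, remote):
    """Check the presented key against the reference, then negotiate.
    A match only shows this is the node the referrer meant; it says
    nothing about whether that node deserves trust."""
    expected = ref.rsplit("/", 1)[1]
    if not hmac.compare_digest(fingerprint(presented_key), expected):
        raise ValueError("presented key does not match reference")
    return negotiate(local, remote)

# Constructed sample data.
ALICE_KEY = b"alice-public-key (constructed)"
ALICE = {"DES", "rot13"}
BOB = {"rot13"}
CHANDLER = {"DES", "rot13"}

if __name__ == "__main__":
    # Bob's reference, passed on to Chandler, forces the weak cipher.
    print(cipher_from_address("rot13:tcp/alice:19114"))
    # With the key hash in the reference, each pair negotiates for itself.
    ref = make_ref("alice", 19114, ALICE_KEY)
    print(ref, connect(ref, ALICE_KEY, BOB, ALICE),
          connect(ref, ALICE_KEY, CHANDLER, ALICE))
```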
