> Date: Sat, 26 Aug 2000 19:23:02 -0500
> From: MJR <mroberts100 at mediaone.net>
> Subject: Re: [Freenet-dev] Bakunin 0.2
>
> I don't know how many other keytypes need be supported. CHK's are
> content-verified and SSK's are sender-verified. That's all I need. KSK's
> suck IMHO. SVKs are really just more primitive SSKs that "hold" only one
> file. Why support them? Or, who will use them. That's the question.

If you have support for generating SSKs then you have support for SVKs by default, so what are you worried about?

There are these 4 different keytypes for a reason. Take a look at the Key Beastiary at:

http://freenet.sourceforge.net/index.php?page=keys

This listing of keytypes makes an attempt at explaining why a keytype exists and how to generate it. If it is not crystal clear, let me know where it isn't and I will attempt to make it clearer.

In brief,

KSK = guessable key and signed with the plaintext key to discourage tampering. They may not be totally trustworthy (i.e. anyone who can guess the plaintext key can modify the contents while it is being routed) but it is 1000% more secure than the older KHKs. The ability to verbally tell someone a key on Freenet is indispensable and this is the only key you can do that with.

SVK = updatable key if you have the crypto key. I don't know if the nodes handle the updating of SVKs in a simple manner yet, but the idea is to version stamp the content and let nodes replace older SVKs with newer ones. The routing of such updates will be tricky to optimize since one wants to avoid opening up Freenet to broadcast attacks.

CHK = 100% non-tamperable key. If you change the contents, you change the CHK. The bulk of data will be under these keys to keep it secure.

SSK = provides a guessable subspace under an SVK key. They allow you to reserve a section of namespace for a forum/mailbox/directory/any-future-use-that-client-writers-can-think-of. The SSK will likely be augmented in the future.

All of these keys provide a means for every node in the routing chain to verify the integrity of the contents being delivered without revealing the contents. Most likely all of the future Freenet concepts (searching, full updating, PKI, address retrieval, etc.) will be based upon these keytypes.

Mike

_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
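
The difference between CHK and KSK integrity described in the message above, as an added example that is not part of the original post and is not Freenet's code. It is a simplified model: SHA-256 and hash-based Lamport one-time signatures are stand-ins chosen so it runs with only the standard library, and every function name and sample value is constructed for illustration.

```python
import hashlib

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # stand-in hash (assumption)

def chk(content: bytes) -> str:
    """CHK model: the key is the hash of the content."""
    return H(content).hex()

def chk_valid(key: str, content: bytes) -> bool:
    """Any node can recompute the hash; no secret is involved."""
    return chk(content) == key

def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keypair(seed: bytes):
    """Deterministic Lamport key pair: the same seed gives the same keys."""
    sk = [[H(seed + bytes([i, b])) for b in (0, 1)] for i in range(256)]
    pk = [[H(s) for s in pair] for pair in sk]
    return sk, pk

def sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    bits = _bits(msg)
    return len(sig) == 256 and all(H(sig[i]) == pk[i][bits[i]] for i in range(256))

def ksk_insert(name: str, content: bytes):
    """KSK model: the signing key is derived from the guessable name."""
    sk, pk = keypair(name.encode())
    return pk, sign(sk, content)

def demo():
    original, altered = b"meet at noon", b"meet at midnight"  # constructed data
    pk, sig = ksk_insert("freenet/faq", original)             # constructed name
    pk2, sig2 = ksk_insert("freenet/faq", altered)            # a party who knows the name
    return {
        "ksk_ok": verify(pk, original, sig),
        "ksk_blind_tamper_rejected": not verify(pk, altered, sig),
        "ksk_resigned_accepted": pk2 == pk and verify(pk, altered, sig2),
        "chk_tamper_rejected": not chk_valid(chk(original), altered),
    }

if __name__ == "__main__":
    print(demo())
```

All four results are true: a node that only holds the public key detects altered KSK content, a party that knows the name can produce a fresh valid signature, and altered content never matches its CHK.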