Lucky Green writes:
Be it SSH, TLS, or an abomination such as IKE, the inevitable
consequence of providing a choice of cryptographic algorithms is
that the weakest algorithm will stay around forever. In addition,
implementing the algorithm negotiation tends to be the *vast*
majority of the crypto-related work. Implementing such a negotiation
securely is one of the true challenges in practical cryptography.
There is one very profound and fundamental conclusion that can be
drawn from looking at the past efforts that involved implementing
negotiating the cryptographic algorithms: don't!
Good advice.
Alternatively, since there have been two (or three and a half, counting
IKE) implementation of algorithm negotiation, Freenet could just use one
of those. You'd think it would save *someone* (say, Scott), a lot of
work.
_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
