> > So I'm assuming that like ssh the client must keep the result of the key > > exchange so prevent in between attacks? > > The key is created with every connection. There's no data stored in > between. Although we aren't 100% in-between proof we should at least try. Otherwise every inbetween attack will have a 100% chance of success.
Would it be so bad to keep a public key around for a week or so, regenerating it at the end of the week and doing a nullifying cert on the old one? Thoughts? -Larry _______________________________________________ Freenet-dev mailing list Freenet-dev at lists.sourceforge.net http://lists.sourceforge.net/mailman/listinfo/freenet-dev
