Due to recent technical difficulties, I have lost the session protocol
version 2 that we thrashed out. I have a few ideas but I do not have the
full design discussion and the protocol spec. I have this message from
the devl archives, which was originally addressed to Scott:
------------------------------------------------------------------------
Oskar is of the opinion that we can replace the current session restart
code, which does some PK operations, with something like this:
Alice:
Token =3D H(bob's PK XOR my PK + session key)
Send Token + H(bob's PK + token)
Bob:
If gets it all right, accept it and send IV
If gets H(bob's PK + token) right (he sent token, we know our
own PK), we know he knows our key, so send a hangup byte (and
go to inbound neg with no known session)
If gets it all wrong, close the connection
Do you concur? We will need to implement a new session version anyway
for various reasons in the not too distant future, so now is a good time
to do this. Are there any security issues you can see that are present
in this version and not in the original?
-------------------------------------------------------------------------
We need to discuss this, if you have a log of that conversation it
would be useful, and we did revise it a bit since then - I think we
changed or got rid of the pubkeys... Also there is a trivial detail,
which is that we need to allow some binary fields just after negotiation
so we can send for example the detected IP address of the node on the
other end - that is fairly trivial though, just do
<option number byte><length of option><option content>
....
<0 => end>
I am keeping this on devl so I have some sort of record of it.
_______________________________________________
devl mailing list
devl at freenetproject.org
http://hawk.freenetproject.org:8080/cgi-bin/mailman/listinfo/devl
