We will be using STS, at least initially. Which means checking a signature.
On Fri, Sep 01, 2006 at 07:25:14PM +0100, Michael Rogers wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Matthew Toseland wrote: > > What about in session setup? > > To be honest I don't know enough about the key exchange protocol to give > an informed answer. If it's just a question of checking that a hash > matches a public key, we only need second preimage resistance and we > should be safe for the moment - an attacker might be able to generate > two public keys with the same hash, but he can't generate a public key > matching a given hash. > > Cheers, > Michael -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20060902/0259f0ed/attachment.pgp>
