On Wednesday 14 November 2007 16:03, Michael Rogers wrote:
> Florent Daignière wrote:
> > Go ahead and suggest something that works then :)
>
> OK, here's my suggestion:
>
> 1. Remove the address and port from the current ref
> 2. Call what remains (crypto parameters, public key etc) the "long ref"
> 3. The address, port, and the hash of the long ref form the "short ref"
> 4. The short refs (38 bytes) are exchanged out of band
> 5. Obfuscation key = hash (A's short ref, B's short ref, nonce)
> 6. The long refs are exchanged during obfuscated JFK (in the ID_I and
> ID_R fields of messages 3 and 4)
> 7. Before completing JFK, the long refs are verified by hashing them and
> comparing the hashes contained in the short refs

Is it port-scan resistant? How exactly would phase 0 work?
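
The short ref / long ref construction from the quoted proposal (steps 3, 5 and 7), as an added example that is not part of the original email or of Freenet's code. It assumes SHA-256 as the hash and an IPv4 address (4 + 2 + 32 = 38 bytes), plain concatenation as the hash input, and constructed placeholder long refs; all function names are hypothetical.

```python
import hashlib
import hmac
import ipaddress
import struct

HASH_LEN = 32              # assumption: SHA-256
SHORT_LEN = 4 + 2 + HASH_LEN  # IPv4 address + port + hash = 38 bytes


def make_short_ref(address: str, port: int, long_ref: bytes) -> bytes:
    """Step 3: address, port and hash of the long ref form the short ref."""
    addr = ipaddress.IPv4Address(address).packed
    return addr + struct.pack("!H", port) + hashlib.sha256(long_ref).digest()


def obfuscation_key(short_a: bytes, short_b: bytes, nonce: bytes) -> bytes:
    """Step 5: hash(A's short ref, B's short ref, nonce).

    Both refs have a fixed length, so plain concatenation is unambiguous.
    """
    for ref in (short_a, short_b):
        if len(ref) != SHORT_LEN:
            raise ValueError("short ref must be 38 bytes")
    return hashlib.sha256(short_a + short_b + nonce).digest()


def verify_long_ref(short_ref: bytes, received_long_ref: bytes) -> bool:
    """Step 7: hash the long ref received in ID_I / ID_R and compare it
    with the hash carried in the out-of-band short ref."""
    if len(short_ref) != SHORT_LEN:
        return False
    expected = short_ref[6:]
    actual = hashlib.sha256(received_long_ref).digest()
    return hmac.compare_digest(expected, actual)  # constant-time compare


# Constructed sample data: documentation addresses, placeholder key material.
LONG_A = b"cryptoParams=placeholder;pubKey=placeholder-A"
LONG_B = b"cryptoParams=placeholder;pubKey=placeholder-B"
SHORT_A = make_short_ref("192.0.2.10", 12345, LONG_A)
SHORT_B = make_short_ref("198.51.100.7", 23456, LONG_B)
NONCE = bytes(16)  # constructed; a real nonce would be random

if __name__ == "__main__":
    print(len(SHORT_A), obfuscation_key(SHORT_A, SHORT_B, NONCE).hex())
    # A long ref that does not match the short ref must be rejected.
    print(verify_long_ref(SHORT_B, LONG_B), verify_long_ref(SHORT_B, LONG_A))
```
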
