* David Sowder <freenet-devl at david.sowder.com> [2007-10-31 13:17:36]:
> David ???Bombe??? Roden wrote: > > On Wed, 2007-10-31 at 16:31 +0100, Florent Daigni?re wrote: > > > > > >> I don't... Keep in mind that FCP is insecure by design... > >> > > > > Now you're the second person reminding me of that. Please, PLEASE tell > > why an FCP client should be allowed to request illegal material but not > > to create a new key pair? Or sign a message with a previously generated > > key? > > > > I'm seriously wondering what people think I am suggesting here. Maybe > > you can elaborate on that. > > > > The node providing crypto funtionality via FCP could be very useful. As > for it being insecure, perhaps we could add support for FCP over SSL on > a separate port. Link security is the obvious thing... DoSes are an other one. Generally speaking, the less services the node provides, the simpler the protocol is... The best it is for everyone. By the way sharing our RNG with clients is probably a bad idea (most crypto operations involve using some randomness) and we will have to expose it at some point if we want clients to do some useful stuffs. I still don't get why clients can't import our classes ... and do their own crypto with it (okay they are licencing issues... but we want everyone to use GPL, don't we ? :p) NextGen$ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20071031/ec32e530/attachment.pgp>
