On Wed, 2007-10-31 at 22:11 +0100, Florent Daigni?re wrote:
> Link security is the obvious thing... DoSes are an other one.
We're talking about FCP here. Where is the DoS potential?
> Generally speaking, the less services the node provides, the simpler
> the protocol is... The best it is for everyone.
Which is true for FNP but not necessarily for FCP.
> By the way sharing our RNG with clients is probably a bad idea (most
> crypto operations involve using some randomness) and we will have to
> expose it at some point if we want clients to do some useful stuffs.
You don't have to expose the RNG. The node just needs to perform a
couple of operations on behalf of the clients. You could even add the
FCP messages as an entropy source.
> That's what the GenerateSSK message is for.
You have no idea what I'm talking about, do you? Otherwise please tell
me how I use that key pair to encrypt data. Thank you in advance. :)
> I still don't get why clients can't import our classes ... and do
> their own crypto with it (okay they are licencing issues... but we
> want everyone to use GPL, don't we ? :p)
Because then client developers have to learn Yet Another API buried deep
within the bowels of another software. That sucks. FCP would be a clean
lean, and mean interface for crypto operations. And, frankly, from what
I've seen so far the freenet crypto API is far from being clean,
documented, and usable by other people. You'd have more success with
SUN's JCE.
Just to be clear: What I want is to perform cryptographic operations in
a client. I want to create key pairs that can identify a user. I want to
create session keys to encrypt data. I want to sign data with the keys I
generated. Decrypting. Verifying. Client stuff, you know? :)
What I do NOT want is to busy myself with JSE, JCA, BouncyCastle or any
other API because the node can already do all that for me.
> NextGen$
Bombe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL:
<https://emu.freenetproject.org/pipermail/devl/attachments/20071031/023bce8a/attachment.pgp>
