Michael Tänzer wrote:
> Matthew Toseland wrote:
>> On Thursday 17 January 2008 03:23, Michael Tänzer (vid,smtp2) wrote:
>>> Matthew Toseland wrote:
>>> As we probably don't want to run a node on our server itself (we could,
>>> but would it have enough resources to serve the important things like
>>> web pages, SVN and stuff even if we are /.ed?) the Seedserver has to
>>> have a connection to a node somewhere and as we have some Nodes which
>>> should be available anyway, why not use them? This also balances the
>>> load between the Seednodes, avoids another single point of failure and
>>> makes sure they're online so we don't have to recheck apart from that.
>>> We don't have to be connected to all of our Seednodes all the time. Just
>>> if we want to verify a new Seednode we establish a new connection to one
>>> of our Seednodes on the Port on which the Seedservice runs and
>>> verify that it's us.
>> You mean for the seed server to connect to the seednodes (easily spoofed), or
>> for the seednodes to connect to each other (somewhat less easily spoofed)?
>
> For the Seedserver connecting to the Seednodes.
> How is it supposed to be spoofed?
> - Each packet that doesn't come from our Seedserver's IP is dropped
> - To accept the package it has to be encrypted with our public key
>   (which _should_ only be known to us)

Doh, of course the public key is known by someone else (otherwise it wouldn't be public) it should be only known by the _SeedServer_ because he's the only one we gave it to. But it also shouldn't be a problem if it gets known in public, then the second part of the identification process comes into play:

> - The SeedServer has to verify itself, by sending back a random number
>   encrypted with its public key (only the SeedServer knows the private
>   key to decrypt it and send it back)
> regards

Neo at NHNG
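
The random-number check described in the message above, as an added example that is not part of the original post and not Freenet code. It assumes RSA with OAEP padding (the mail names no algorithm); the class and method names are hypothetical, and both sides run in one process with constructed test keys.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import javax.crypto.Cipher;

// Added illustration; class and method names are hypothetical, not Freenet code.
public class SeedServerChallenge {
    // Assumption: RSA with OAEP padding; the mail does not name an algorithm.
    static final String RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Seednode: encrypt a random number to the SeedServer's public key.
    static byte[] makeChallenge(PublicKey serverPub, byte[] nonce) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(RSA_OAEP);
        c.init(Cipher.ENCRYPT_MODE, serverPub);
        return c.doFinal(nonce);
    }

    // SeedServer: only the private-key holder can recover the number and send it back.
    static byte[] answerChallenge(PrivateKey serverPriv, byte[] challenge) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(RSA_OAEP);
        c.init(Cipher.DECRYPT_MODE, serverPriv);
        return c.doFinal(challenge);
    }

    // Seednode: constant-time comparison of the reply against the number it chose.
    // responderKey stands in for whoever answers; a failed decryption is a rejection.
    static boolean accept(byte[] nonce, PrivateKey responderKey, byte[] challenge) {
        try {
            return MessageDigest.isEqual(nonce, answerChallenge(responderKey, challenge));
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair seedServer = gen.generateKeyPair(); // constructed test keys
        KeyPair impostor = gen.generateKeyPair();   // sender without the real private key

        byte[] nonce = new byte[32];
        new SecureRandom().nextBytes(nonce);        // fresh for every verification
        byte[] challenge = makeChallenge(seedServer.getPublic(), nonce);

        System.out.println("SeedServer accepted: " + accept(nonce, seedServer.getPrivate(), challenge));
        System.out.println("impostor accepted:   " + accept(nonce, impostor.getPrivate(), challenge));
    }
}
```

The check depends only on possession of the private key, so it holds even when the public key is widely known; the number has to be generated anew for each verification so that an old reply cannot be reused.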