On Thu, 2015-08-27 at 00:18 +0200, Jeff Burdges wrote: > Can we protect Bob without using a signature? I think yes : > > Alice can prove she possesses her public key not by signing but by > encrypting : > A? -> B? : a_p > A? <- B? : b_p > A -> B : E(hash(ab++aB), A_p), E(hash(ab++aB++Ab), ...)
To clarify, Bob's key B was a wildcard in some protocols, but the ephemeral key b is not, at least not anymore than other ephemeral information. Alice is encrypting to it in TripleDH, potentially protecting against the wildcard attack, but only if you get the timing right. Jeff
signature.asc
Description: This is a digitally signed message part
_______________________________________________ GNUnet-developers mailing list [email protected] https://lists.gnu.org/mailman/listinfo/gnunet-developers
