> Well, what I meant by anonymous was that they're connection-less, and
> with the nature of UDP, the tracker can't be quite sure that they are
> who they claim to be.

Anonymous has nothing to do with connection-less or not. If the server is going to decode the packets that the client encrypts, then the server must know which key to use to decrypt. This means the server must be able to match up the client to the key. Depending on how you view things, this may or may not mean anonymous.

> wary about locking the protocol to a specific cipher though, but maybe
> the server could default to use the cipher that was negotiated between
> the tracker and the server during the TLS registration phase. Does that
> sound doable?

No. The bulk cipher negotiated by SSL/TLS will typically be something that operates in a stream mode, and is therefore unsuitable for UDP, where packets can arrive out of order or not at all.

> Each transmission here would probably be some 50-100 bytes, once a
> minute, set to scale for a few thousand servers per tracker.

Run some timing tests on your planned hardware, such as "openssl speed rsa"

/r$

--
Rich Salz
Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List
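The per-datagram design the reply points toward, as an added example that is not from the thread or from OpenSSL: every UDP message is sealed on its own with AES-GCM under the client's key and carries an explicit client id and sequence number, so the tracker can look up the right key and verify each packet no matter which others were lost or reordered. The datagram layout, the Tracker type and the constructed test keys are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

const hdrLen = 12 // 4-byte client id + 8-byte sequence number, sent in the clear
// NewAEAD wraps a per-client key (shared out of band, e.g. at TLS registration) in AES-GCM.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Seal builds one self-contained datagram: header || ciphertext || tag. The header is the 96-bit
// nonce and is bound in as AAD; a seq that never repeats under one key keeps every nonce unique.
func Seal(aead cipher.AEAD, id uint32, seq uint64, msg []byte) []byte {
	hdr := binary.BigEndian.AppendUint64(binary.BigEndian.AppendUint32(nil, id), seq)
	return aead.Seal(append([]byte{}, hdr...), hdr, msg, hdr)
}
type peer struct {
	aead cipher.AEAD
	seen map[uint64]bool // accepted seqs; a real receiver bounds this with a sliding window
}
type Tracker map[uint32]*peer // client id -> key material: the lookup the reply says the server must be able to do
func (t Tracker) Register(id uint32, aead cipher.AEAD) { t[id] = &peer{aead, map[uint64]bool{}} }
// Open verifies and decrypts one datagram on its own: loss or reordering of the others does
// not matter, and a datagram that fails authentication or is an exact replay is dropped.
func (t Tracker) Open(pkt []byte) (uint32, []byte, error) {
	if len(pkt) < hdrLen {
		return 0, nil, errors.New("short datagram")
	}
	hdr := pkt[:hdrLen]
	id, seq := binary.BigEndian.Uint32(hdr[:4]), binary.BigEndian.Uint64(hdr[4:])
	p, ok := t[id]
	if !ok {
		return 0, nil, errors.New("unknown client id")
	}
	msg, err := p.aead.Open(nil, hdr, pkt[hdrLen:], hdr)
	if err != nil {
		return 0, nil, err // wrong key, forged or corrupted
	}
	if p.seen[seq] {
		return 0, nil, errors.New("replayed datagram")
	}
	p.seen[seq] = true
	return id, msg, nil
}
```

Each client registers its AEAD on the tracker once; afterwards the client calls Seal per message and the tracker calls Open per received datagram, with no state shared between datagrams beyond the replay set.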