You might want to worry about the integrity of the discovery system -- is it giving out the proper keys corresponding to the proper peer addresses, and can the integrity of the P2P system be compromised if it doesn't? In other words, can a hostile person or organization gain enough control over the discovery system to subvert the desired P2P functionality? For some applications this is only a minor concern; for some it is not.
If it is not, I suggest that as long as you are using public key cryptography that you also use a more distributed and secure kind of discovery system. For example where keypairs "claim," via digital signature, peer addresses as their "property," using something like the following Byzantine-fault-tolerant registry system: http://szabo.best.vwh.net/securetitle.html You could call it P2P PKI. Nick > Hi Luigi How are you? > > I'm thinking this solution that is a good compromise between > semplicity speed and security... I hope :-). > > the method is simple: > - Every peer have a public key > - Every peer for connect to another peer must know the other peer > public key (this is menaged by the discovery system es. a Tracker) > - The first message that a peer send for the validation of the > channel/connection the peer send a symmetric key crypted with the > public key of the other peer > - the other peer reply with messages encrypted with the symmetric key. > > That's all > > I hope this is good enough > comments are welcome ;-) > > bye TD > > -- > http://vw.zona13.com > _______________________________________________ > p2p-hackers mailing list > [email protected] > http://lists.zooko.com/mailman/listinfo/p2p-hackers > _______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers
