Timm Murray:
> DSA was technically designed to be only a signature standard, but ways
> were developed after DSA was released to use any public-key signature
> algorithm for encryption. I think Freenet primarily uses DSA because at
> the time much of the crypto was being developed, RSA was still patented.

Matthew was wrong.

The station-to-station protocol, with a trivial modification that requires Alice to prove to Bob that she knows his public key, is used for session key negotiation. It provides forward security, in that the compromise of one session key does not compromise the others; anonymity, meaning neither Bob's nor Alice's public key is transmitted in the clear; and authentication of Bob to Alice. (The question "Is Alice really Alice?" never arises in the Freenet protocol, since Bob doesn't have a priori knowledge of Alice's identity.)

A fast-verifying signature scheme would be a win for SVKs, but it's the aggregate sign-and-verify time that matters for link encryption. RSA's keypair generation is obnoxiously slow.

_______________________________________________
Tech mailing list
[EMAIL PROTECTED]
http://hawk.freenetproject.org:8080/cgi-bin/mailman/listinfo/tech
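
To illustrate the station-to-station exchange discussed in the message above, here is an added example that is not part of the original post and is not Freenet's code: textbook STS with DSA in which only the responder (Bob) is authenticated, showing that each session key comes from fresh ephemeral Diffie-Hellman values while the long-term DSA key only signs. It does not implement the modification or the public-key hiding the post mentions; all function names are hypothetical, the 128-bit group is constructed for the demo, and the XOR pad stands in for a real cipher.

```python
import hashlib, secrets

def is_prime(n, rounds=16):  # Miller-Rabin probabilistic test
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    def witness(a):  # True if base a proves n composite
        x = pow(a, d, n)
        return x not in (1, n - 1) and all(pow(x, 2**i, n) != n - 1 for i in range(1, s))
    return not any(witness(secrets.randbelow(n - 3) + 2) for _ in range(rounds))

# Constructed demo group: smallest safe prime P = 2Q + 1 with Q > 2**127 (far too small for real use).
Q = next(q for q in range(2**127 + 1, 2**128, 2) if is_prime(q) and is_prime(2 * q + 1))
P, G = 2 * Q + 1, 4  # G = 4 generates the subgroup of prime order Q

def H(*parts):  # hash arbitrary values to an integer
    return int.from_bytes(hashlib.sha256(repr(parts).encode()).digest(), "big")

def keygen():  # used for long-term DSA keys and for ephemeral DH values
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def sign(x, msg):  # textbook DSA signature
    while True:
        k = secrets.randbelow(Q - 1) + 1
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (H(msg) + x * r) % Q
        if r and s:
            return r, s

def verify(y, msg, sig):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    return pow(G, H(msg) * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

def seal(K, sig):  # XOR with a pad derived from K; applying it twice unseals
    return tuple(v ^ H(K, i) for i, v in enumerate(sig))

def handshake(responder_priv, bob_pub):
    a, A = keygen()  # Alice's ephemeral DH pair, discarded after the session
    b, B = keygen()  # responder's ephemeral DH pair
    boxed = seal(H(pow(A, b, P)), sign(responder_priv, (B, A)))  # responder -> Alice
    K = H(pow(B, a, P))  # Alice's view of the session key
    return K if verify(bob_pub, (B, A), seal(K, boxed)) else None
```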
