Evan Daniel wrote: >>> In which case, the KSK isn't actually the SHA of the final data... >> Right - it's the SHA1 of the data stored under the KSK. The data stored >> under the KSK is the key of a redirect to the final data. The inserter >> can make any number of redirects to the same data, and therefore any >> number of distict KSKs, until one of them inserts without a collision, >> at which point the inserter has a KSK to give to the requester. > > Then what's the benefit over using a short KSK, as I was suggesting?
There's very little difference - I just wanted to point out that Alex's scheme could be implemented without a special key type. The only (probably minor) benefit is that if collisions don't work perfectly, so the attacker can sometimes arrange a situation where different parts of the network have different data stored under the same KSK, then requesters will still be able to verify that hash of the data matches the KSK keyword. I guess that extra layer of protection may or may not be useful depending on how well routing works. Cheers, Michael
