On Fri, Feb 08, 2008 at 09:52:40AM +0000, Lalo Martins wrote:
> Is there any rhyme or reason to site ids?

The current "testing" site ids are not "true" site ids.  The site id is 
actually supposed to be the public half of a public/private key pair 
using elliptic curve cryptography.  A 128 bit key yields about 64 bits 
of security.

> If all libraries will ship a separate site (as XOD or something) with 
> their OTDs, won't that pollute the site id space?
> And aren't them bound to clash at some point?  Maybe set up a registry of 
> library site ids somewhere in the website?

The idea is for site ids to be globally unique, since there is only a 
1/2^128 chance of generating a collision.  In order to claim to be a 
site you have to prove that you know the corresponding private key, thus 
you can't just pick an aribtrary public site id (unless you know how to 
work backwards to get the private key, in which case the NSA would like 
to have a word with you.)
> Or is this (library OTD) going to be substantially different later on?

I understand your confusion, it isn't very meaningful at the moment 
because it is not yet doing any of the digital signature checking that I 
have planned.

I need to write a tool that spits out public/private keypairs for use 
with VOS.

[Lead Programmer][Interreality Project][Virtual Reality for the Internet]
[ VOS: Next Generation Internet Communication][ http://interreality.org ]
[ http://interreality.org/~tetron ][ pgpkey:  pgpkeys.mit.edu  18C21DF7 ]

Attachment: signature.asc
Description: Digital signature

vos-d mailing list

Reply via email to