[dcc2] Multi headers + metadata
Ben Damm
bdamm-dcc2 at dammfine.com
Thu Apr 29 02:35:44 EDT 2004
On Thu, Apr 29, 2004 at 01:11:00AM -0500, Phoenix Fyrestar wrote:
> As far as running everything through SSL, I have no problem with this, I was
> just under the (apparently mistaken) impression that for some reason or
> another people were thinking this might not be a good idea, so I was trying
> to purpose alternate solutions.
My understanding of SSL is that it both encrypts and authenticates (if
you trust the certificate authority). Some people think this is great,
but to me it sounds like overhead. As a light-weight encryption
system, SSL is not so hot because of the certificates. People are not
going to go purchasing certificates from VeriSign just to use DCC, and a
self-signed certificate is just as bad as no authentication at all (i.e.
no protection against man-in-the-middle attacks).
So, the idea with symmetric keys is that you generate a secret and
exchange it via an asymmetric algorithm, then switch to the symmetric
algorithm to do the transfer. You do this switching because asymmetric
encryption is much more resource intensive than symmetric communication.
-Ben
More information about the dcc2
mailing list