[dcc2] Multi headers + metadata
peter green
plugwash at p10link.net
Thu Apr 29 17:36:22 EDT 2004
essentilaly you are reinventing ssl
one or both ends of a sll link ccan have a host key
if you know the public host ey of a host you can verifify securely that it
really is that host
with https the host keys are signed by a certification authority but
swapping them in advance is perfectly possible
at the end of the day to securely protect against man in the middle you need
to be sure the public host keys you have really belong to the other host
hence why we have certification authorites
-----Original Message-----
From: dcc2-bounces at dcc2.org [mailto:dcc2-bounces at dcc2.org]On Behalf Of
Phoenix Fyrestar
Sent: 29 April 2004 22:30
To: DCC2 Working Group List
Subject: Re: [dcc2] Multi headers + metadata
What about doing this through some sort of automated public key encryption.
Each client generates a random public/private key pair, then exchange public
keys
Then either all data, or a symmetric key, is transferred using the public
key encryption method.
On 4/29/04 1:35 AM, "Ben Damm" <bdamm-dcc2 at dammfine.com> wrote:
> On Thu, Apr 29, 2004 at 01:11:00AM -0500, Phoenix Fyrestar wrote:
>> As far as running everything through SSL, I have no problem with this, I
was
>> just under the (apparently mistaken) impression that for some reason or
>> another people were thinking this might not be a good idea, so I was
trying
>> to purpose alternate solutions.
>
> My understanding of SSL is that it both encrypts and authenticates (if
> you trust the certificate authority). Some people think this is great,
> but to me it sounds like overhead. As a light-weight encryption
> system, SSL is not so hot because of the certificates. People are not
> going to go purchasing certificates from VeriSign just to use DCC, and a
> self-signed certificate is just as bad as no authentication at all (i.e.
> no protection against man-in-the-middle attacks).
>
> So, the idea with symmetric keys is that you generate a secret and
> exchange it via an asymmetric algorithm, then switch to the symmetric
> algorithm to do the transfer. You do this switching because asymmetric
> encryption is much more resource intensive than symmetric communication.
>
> -Ben
>
> _______________________________________________
> dcc2 mailing list
> dcc2 at dcc2.org
> http://six.pairlist.net/mailman/listinfo/dcc2
_______________________________________________
dcc2 mailing list
dcc2 at dcc2.org
http://six.pairlist.net/mailman/listinfo/dcc2
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.672 / Virus Database: 434 - Release Date: 28/04/2004
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.672 / Virus Database: 434 - Release Date: 28/04/2004
More information about the dcc2
mailing list