[Commotion-dev] Whether to use encrypted meshing, how to accept new nodes?

The Doctor drwho at virtadpt.net
Tue Dec 11 16:31:13 UTC 2012



On 12/10/2012 10:31 PM, Paul Gardner-Stephen wrote:

> I need to get my head back into it again, but is the trusted
> central authority necessary if network addresses are public keys?

It depends on whether or not you trust a public key a node offers you
to be a legitimate one (i.e., not one generated by an attacker for
that node) or not (Eve is in the middle and generates a keypair for
the node you want to communicate with, so she can monitor the
encrypted traffic).  However, in a full ad-hoc (i.e., unplanned
network) you can't trust any of the central authorities, either,
because Eve can set one up just as Bob can.

The other side of this is TOFU, which SSH has been using for years.
While the safety of it can be debated (and has), its utility and
practicality are the selling point.

- -- 
The Doctor [412/724/301/703] [ZS|Media]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

WWPMD? (What Would Paul Muad'dib Do?)

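Added example (not part of the original message, and not Commotion or Byzantium code): a Python sketch of the TOFU pinning mentioned above. It shows that a substituted key is caught only when first contact was honest, and adds the self-certifying check that applies when a network address is derived from the public key. TofuStore, address_matches_key, the use of a SHA-256 fingerprint as the address, and the sample keys are assumptions made for illustration.

```python
import hashlib
import hmac

def fingerprint(pubkey: bytes) -> str:
    """SHA-256 fingerprint of a raw public key, hex-encoded."""
    return hashlib.sha256(pubkey).hexdigest()

class TofuStore:
    """Trust-on-first-use pin store, in the style of SSH's known_hosts."""
    def __init__(self):
        self.pins = {}  # node name -> pinned key fingerprint

    def check(self, node: str, offered_key: bytes) -> str:
        offered = fingerprint(offered_key)
        pinned = self.pins.get(node)
        if pinned is None:
            # First contact: nothing to compare against, so the key is
            # accepted on faith. Whoever answers first gets pinned.
            self.pins[node] = offered
            return "pinned"
        if hmac.compare_digest(pinned, offered):
            return "match"
        # Key differs from the pinned one: report it, never re-pin silently.
        return "mismatch"

def address_matches_key(address: str, offered_key: bytes) -> bool:
    """Self-certifying check: valid only if the address IS the key fingerprint."""
    return hmac.compare_digest(address, fingerprint(offered_key))

# Constructed sample values standing in for real public keys.
BOB_KEY = b"constructed-sample-key-bob"
EVE_KEY = b"constructed-sample-key-eve"

def demo() -> dict:
    honest = TofuStore()
    # Bob answers first; Eve's later substitution is detected.
    bob_first = [honest.check("bob", k) for k in (BOB_KEY, BOB_KEY, EVE_KEY)]
    hostile = TofuStore()
    # Eve answers first: her key is pinned and the real Bob looks like the intruder.
    eve_first = [hostile.check("bob", k) for k in (EVE_KEY, BOB_KEY)]
    bob_addr = fingerprint(BOB_KEY)
    # With key-derived addresses, a key that does not hash to the address fails.
    addr = [address_matches_key(bob_addr, k) for k in (BOB_KEY, EVE_KEY)]
    return {"bob_first": bob_first, "eve_first": eve_first, "addr": addr}

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

The key-derived address check only moves the trust question: the address itself still has to be learned from a source the attacker does not control.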


