[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Crypto-based host identifiers

To: Erik Nordmark <Erik.Nordmark@sun.com>
Subject: Re: Crypto-based host identifiers
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Sat, 1 Nov 2003 12:26:54 +0100
Cc: Multi6 Mailing List <multi6@ops.ietf.org>
In-reply-to: <Roam.SIMC.2.0.6.1067604593.12721.nordmark@bebop.france>
References: <Roam.SIMC.2.0.6.1067604593.12721.nordmark@bebop.france>

On 31 okt 2003, at 13:49, Erik Nordmark wrote:

Another mechanism to limit the exposure by short hashes is
that the first time a host performs the PK challenge with the peer
it records the actual public key.

Yes, this is a very good way to handle this. This is what SSH does.

But why stop there if you can simply download *all* site keys and store them locally beforehand if you're sufficiently paranoid?

References:
- Re: Crypto-based host identifiers
  - From: Erik Nordmark <Erik.Nordmark@sun.com>

Prev by Date: Re: Preserving established communications (was RE: about draft-nordmark-multi6-noid-00)
Next by Date: Re: Notes on draft-crocker-mast-analysis-01.txt
Previous by thread: Re: Crypto-based host identifiers
Next by thread: survivability, rewriting
Index(es):
- Date
- Thread