> In other words, given a node 'A', a node 'B', and an attacker 'C', > each with a public/private key pair (Au/Ar, Bu/Br, etc): [snip] How do A and B know their counterpart's public keys for sure? And if they do, then why reinvent the wheel? Traditional public key signing works well for these cases. IOW, I think your problem is ill-defined.