[p2p-hackers] P2P Authentication

Alen Peacock alenlpeacock at gmail.com
Wed Oct 26 19:55:15 UTC 2005


On 10/26/05, Antoine Pitrou <solipsis at pitrou.net> wrote:
>
> > In other words, given a node 'A', a node 'B', and an attacker 'C',
> > each with a public/private key pair (Au/Ar, Bu/Br, etc):
> [snip]
>
> How do A and B know their counterpart's public keys for sure?
> And if they do, then why reinvent the wheel? Traditional public key
> signing works well for these cases.

  Both A and B make their public keys available upon request.  Before
interacting with B, A will have to obtain B's public key directly, and
vice versa.  This only needs to happen once.

  Traditional public key signing doesn't work well if you want to
eliminate the central authority / trusted third party.  If you like
keeping those around, then yes, absolutely, traditional PKI works
swimmingly.


> IOW, I think your problem is ill-defined.

  I'll go ahead and agree with you on this.  I was projecting a
problem I was thinking about onto the problem Frank was thinking
about, and it is certainly true that my problems are not his problems
:)

  Alen
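
Added example, not part of the original message and not the protocol from the snipped text: one way node A can authenticate B without a trusted third party is to pin the key B hands over on first contact and afterwards accept only signatures over a fresh nonce that verify under that pinned key. Ed25519, the nonce challenge, and the names PinStore, Pin, Verify and Demo are assumptions of this sketch, as is the first retrieval actually reaching the real B.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

var ErrKeyChanged = errors.New("presented key differs from the pinned key")
var ErrBadProof = errors.New("no valid signature under the pinned key")

// PinStore (hypothetical name) maps a peer name to the key it first presented.
type PinStore map[string]ed25519.PublicKey

// Pin stores a peer's key on first contact and refuses any later replacement.
func (s PinStore) Pin(peer string, pub ed25519.PublicKey) error {
	if old, ok := s[peer]; ok && !bytes.Equal(old, pub) {
		return ErrKeyChanged
	}
	s[peer] = pub
	return nil
}

// Verify checks a signature over a fresh nonce against the pinned key only.
func (s PinStore) Verify(peer string, nonce, sig []byte) error {
	if pub, ok := s[peer]; !ok || !ed25519.Verify(pub, nonce, sig) {
		return ErrBadProof
	}
	return nil
}

// Demo plays node A against the real B and against attacker C claiming to be B.
func Demo() (honest, swapped, forged error) {
	bu, br, _ := ed25519.GenerateKey(rand.Reader) // Bu/Br, constructed for the demo
	cu, cr, _ := ed25519.GenerateKey(rand.Reader) // Cu/Cr, constructed for the demo
	a := PinStore{}
	_ = a.Pin("B", bu) // the one-time direct retrieval of B's public key
	nonce := make([]byte, 32)
	rand.Read(nonce) // A's fresh challenge for this session
	honest = a.Verify("B", nonce, ed25519.Sign(br, nonce))
	swapped = a.Pin("B", cu) // C offers its own key under B's name
	forged = a.Verify("B", nonce, ed25519.Sign(cr, nonce))
	return honest, swapped, forged
}

func main() {
	fmt.Println(Demo())
}
```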


