Re: [Monotone-devel] netsync transport encryption?

[Richard Levitte - VMS Whacker]

In message <address@hidden> on Wed, 25 Oct 2006 14:28:56 +0200, Dirk Hillbrecht 
<address@hidden> said:

dh> Hi,
dh> 
dh> Cem Karan wrote:
dh> > Poking through the Botan sources, I saw that it supports AES all the
dh> > way through 256 bit keys, and there seems to be support for the
dh> > various modes of encryption (CBC, CFB, etc.), so once the session keys
dh> > are setup, the rest should be pretty easy. [...]
dh> The question is what you want: Encryption or authentication. If you want
dh> a full-blown authentication, than a public key scheme as outlined is
dh> needed. If you, however, only want an encrypted connection (and
dh> authenticate the remote site by other means), then a simple
dh> Diffie-Hellman-key-exchange at the beginning would be sufficient for
dh> setting up the symmetric key. Diffie-Hellman allows to create a secret
dh> session key between two parties through an unencrypted connection
dh> without any third person being able to steal the key - even if that Eve
dh> listens to the complete data traffic. Pretty slick.

monotone already does authentication.  Encryption would therefore
merely be an add-on.

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

-- 
Richard Levitte                         address@hidden
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis