Re: [Monotone-devel] Re: netsync transport encryption?

[Cem Karan]

> > In short, you would lose authentication and guarantees of privacy  
> > if you don't have each other's public keys, but it shouldn't  
> > affect the connection in any way, even for anonymous access.
>
> You totally ignore man-in-the-middle attacks, don't you?

I'm sorry, I was unclear in what I meant when I wrote that.  When I  
wrote "...but it shouldn't affect the connection in any way, even for  
anonymous access.", I meant from a code point of view.  The Monotone  
source will see the (fake/anonymous/whatever you want to call it)  
public keys, and use them the same way as if you had real keys and  
real authentication.  I make no guarantees about security without  
authentication! ;)

Thanks,
Cem Karan