[zeromq-dev] Proposal for ZeroMQ certificate format

shancat shannenlaptop at gmail.com
Wed Oct 16 15:40:27 CEST 2013


Point 1 & 3 should be excluded. Why bother with high strength crypto like
curve when it's easy to generate forged certificates in the first place?

2 needs to be analysed a bit more. I think Git does something very similar
but in that case it's probably to guard against repo corruption not
determined attackers.
On Oct 17, 2013 12:22 AM, "Pieter Hintjens" <ph at imatix.com> wrote:

> http://en.wikipedia.org/wiki/Public_key_fingerprint is relevant and
> describes the use case and vulnerabilities accurately.
>
> We have, I think, three options:
>
> - MD5 fingerprinting, with the risk of collisions
> - a more secure hash, which we must truncate to fit the use case, e.g.
> first 6 bytes of SHA512 hash
> - no fingerprinting at all
>
> -Pieter
>
>
> On Wed, Oct 16, 2013 at 3:08 PM, T. Linden <tlinden at cpan.org> wrote:
> > On Wed, Oct 16, 2013 at 01:59:54PM +0200, Pieter Hintjens wrote:
> >> However I'm not convinced we can ignore manual verification. If I send
> >> you my public key and then call you to check whether you got it, how
> >> are you going to tell me what you got?
> >
> > Well, that's an argument.
> >
> > Then what about some kind of id? Something like PGP is using, e.g.:
> > 0xA8960B17? I've got no clue how it's computed but such a key-id is
> > short enough for user verification.
> >
> >
> >
> > regards,
> > Tom
> >
> > --
> >     PGP Key: https://www.daemon.de/txt/tom-pgp-pubkey.txt
> > S/Mime Cert: https://www.daemon.de/txt/tom-smime-cert.pem
> >  Bitmessage: BM-2DAcYUx3xByfwbx2bYYxeXgq3zDscez8wC
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> > _______________________________________________
> > zeromq-dev mailing list
> > zeromq-dev at lists.zeromq.org
> > http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
>
>
> --
> -
> Pieter Hintjens
> CEO of iMatix.com
> Founder of ZeroMQ community
> blog: http://hintjens.com
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20131017/d4b23fcb/attachment.htm>


More information about the zeromq-dev mailing list