[zeromq-dev] Proposal for ZeroMQ certificate format

Pieter Hintjens ph at imatix.com
Thu Oct 17 08:59:39 CEST 2013


Tony,

I realized what you are explaining. It's impossible to decode the
certificate without the sender's public key anyhow, so it has to be
sent in clear.

So this brings us to a public key format which is Box
[metadata](C'->S), where C and the nonce used are clear-text headers.
And then the fingerprint is entirely redundant since it's easy to
verify C in the header.

Thanks...!

-Pieter


On Thu, Oct 17, 2013 at 3:21 AM, Tony Arcieri <bascule at gmail.com> wrote:
> On Wed, Oct 16, 2013 at 6:06 PM, crocket <crockabiscuit at gmail.com> wrote:
>>
>> A digest might save network bandwidth in exchange for more CPU usage.
>
>
> No, you cannot perform Curve25519 scalar multiplication without the full
> public key. And again, we're talking about 256-bits here. The reason key
> fingerprints exist in the first place is because secure RSA public keys are
> 2048+ bits
>
> --
> Tony Arcieri
>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>



-- 
-
Pieter Hintjens
CEO of iMatix.com
Founder of ZeroMQ community
blog: http://hintjens.com



More information about the zeromq-dev mailing list