[zeromq-dev] Proposal for ZeroMQ certificate format

Tony Arcieri bascule at gmail.com
Thu Oct 17 19:33:49 CEST 2013


On Wed, Oct 16, 2013 at 11:59 PM, Pieter Hintjens <ph at imatix.com> wrote:

> Tony,
>
> I realized what you are explaining. It's impossible to decode the
> certificate without the sender's public key anyhow, so it has to be
> sent in clear.
>

Nice, glad we're clear now ;)


> So this brings us to a public key format which is Box
> [metadata](C'->S), where C and the nonce used are clear-text headers.
> And then the fingerprint is entirely redundant since it's easy to
> verify C in the header.


Yep!

Laurent, you might want to read over what Pieter just said. You can't
complete a D-H key exchange without sending one the public keys in the
clear.

-- 
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20131017/6461d244/attachment.htm>


More information about the zeromq-dev mailing list