
Re: Reconciling link authentication and key rotation



On Sun, Mar 02, 2003 at 07:04:58AM -0500, George Danezis wrote:
> > So when two nodes create a forward secure link with each other, they
> > each provide a certificate, including the transport key, signed by their
> > signature key? Is there a standard procedure for providing a new transport
> > key that's just as authentic (signed) as the old one?
> 
> This is how we have implemented it here in Cambridge. We should clarify in 
> the spec that the signature is the one of the long term signature key.

Great.

...Is there a standard procedure for providing a new transport key that's
just as authentic (signed) as the old one? Can you just send the new
one inside the authenticated stream, and switch, and you're all set?

--Roger
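
The arrangement described in the quoted reply, where each transport key is certified by the node's long-term signature key, is sketched below as an added example that is not part of the original thread or the project's code. Ed25519 stands in for whatever signature scheme the spec uses, and the certificate layout, expiry field, function names and sample keys are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// TransportCert binds a short-lived transport key to a long-term signature key (assumed layout).
type TransportCert struct {
	TransportKey []byte // public transport key, treated as opaque bytes
	NotAfter     uint64 // expiry, Unix seconds
	Sig          []byte // signature by the long-term signature key
}

func NewLongTermKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // long-term identity key pair
	return pub, priv
}

// signedBytes is the exact byte string covered by the signature.
func signedBytes(tk []byte, notAfter uint64) []byte {
	msg := append([]byte("transport-cert-v1\x00"), make([]byte, 8)...) // domain separation
	binary.BigEndian.PutUint64(msg[len(msg)-8:], notAfter)
	return append(msg, tk...)
}

// Issue certifies a transport key; rotating is just another call with the new key.
func Issue(longTerm ed25519.PrivateKey, tk []byte, notAfter uint64) TransportCert {
	return TransportCert{tk, notAfter, ed25519.Sign(longTerm, signedBytes(tk, notAfter))}
}

// Verify is what the peer runs, using the long-term public key it already trusts.
func Verify(longTermPub ed25519.PublicKey, c TransportCert, now uint64) error {
	if now > c.NotAfter {
		return fmt.Errorf("transport key certificate expired")
	}
	if !ed25519.Verify(longTermPub, signedBytes(c.TransportKey, c.NotAfter), c.Sig) {
		return fmt.Errorf("transport key not signed by long-term key")
	}
	return nil
}

func main() {
	pub, priv := NewLongTermKey()
	rotated := Issue(priv, []byte("constructed-new-transport-key"), 2000) // constructed sample
	fmt.Println("rotated key accepted:", Verify(pub, rotated, 1500) == nil)
}
```

Because the rotated key carries its own signature from the long-term key, the peer checks it exactly as it checked the first one, independently of the link it arrived on.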