James Muir wrote: >>> putting the security of the scheme aside, one question that comes to >>> mind is how Alice (the OP) is going to get an authentic copy of Ricky's >>> DH public key, y. One way to do this is to include it in the router >>> descriptors. But then we have to ask if it's worth adding a new public >>> key for each OR to the Tor PKI to just save one exponentiation during >>> session key agreement. >>> >>> -James >>> >> We already distribute different keys for the current protocol. But the >> one I proposed is insecure so we might as well forget about it. Schnorr >> signatures are secure and are intended for this purpose, but we can only >> use them after 2008. > > the way things are done now, each OR has two public keys in its router > descriptor. you are, I think, suggesting that another be added. I was > just wondering if you had considered the extra bandwidth load this puts > on the directory servers. If the extra load is substantial (maybe it > isn't, i don't know), then maybe we shouldn't give the ORs another > public key to manage just to save one 1024-bit exponentiation. > > -James > I was suggesting replacing the second key with the new key.
Attachment:
signature.asc
Description: OpenPGP digital signature