[prev in list] [next in list] [prev in thread] [next in thread] 

List:       botan-devel
Subject:    [Botan-devel] Quick Tutorial Question
From:       seattlesparks () mac ! com (Rachel Blackman)
Date:       2005-10-05 19:21:24
Message-ID: 76d8839844ca4cdaf6039f8ee0024f40 () mac ! com
[Download RAW message or body]

>  - A client can claim to be another client to the server, and either
>      - Start receiving that client's messages, either ignoring them or
>         responding to them blindly
>      - Start sending messages to someone else claiming to be the wrong 
> client

There's already a PK-based challenge/response step at the connection 
and authentication phase, in the design.  The server sends a randomly 
generated challenge, encrypted with the public key of the client 
claiming to connect; the client has to use the appropriate private key 
to decrypt and sign the challenge, sending the signature back as a 
response.

For the sake of the design, I have to assume that the server is 
reasonably trustworthy.  Still, I think the overhead's probably 
manageable for signing each message packet too, and it might be a 
useful additional step.

That said, I probably should work up a way to allow for longer messages 
*anyway*, even if the initial stuff is probably going to be short data 
payloads.



[prev in list] [next in list] [prev in thread] [next in thread]