[Top] [All Lists]

Re: Packet length: header vs. context

2007-01-08 08:52:48

Levi Broderick wrote:
Ian G wrote:

Finally, the ID has passed the point of minor tweaks.  We've been at
this for a decade now.  No more changes please, seal the document and
let's move on.  I vote NO to any changes, even without knowing what they
are ;)

Of course!

The reason for my original question was that I was unsure if such a
packet could be used to undermine the security of any protocols in the
system.  Now that I think about it, though, I don't see how it could be

Always worth probing, as long as you don't mind the cringing of those fearful of yet more changes to the Doc :)

It's unlike other attacks that use the software as an oracle
since public key information is - well - public. :)

Just a minor quibble: just because a key is named "public", it doesn't mean it is public. The key marked as "public" is to be sent to your counterparty ... and we need to be careful to not confuse counterparty with "the whole world."

(I say this because I recently saw a discussion where a CA's criteria for audit specified that the public keys had to be published in public ... and the CA in question deliberately does not publish public keys ... because that might breach privacy rules ... )