Re: [GNUnet-developers] key exchanges [updated, resend]

[Jeff Burdges]

On Thu, 2015-08-27 at 00:18 +0200, Jeff Burdges wrote:
> Can we protect Bob without using a signature?  I think yes :
> 
> Alice can prove she possesses her public key not by signing but by
> encrypting : 
>    A? ->  B? : a_p
>    A? <-  B? : b_p
>    A  ->  B  : E(hash(ab++aB), A_p), E(hash(ab++aB++Ab), ...)

To clarify, Bob's key B was a wildcard in some protocols, but the
ephemeral key b is not, at least not anymore than other ephemeral
information.  Alice is encrypting to it in TripleDH, potentially
protecting against the wildcard attack, but only if you get the timing
right. 

Jeff

signature.asc
Description: This is a digitally signed message part