CurveZMQ solved the problem of transport reliability *and* security, with a simple API. Don't reinvent your own thing http://curvezmq.org
@jedisct1 if @hintjens followed CurveCP to the letter, the answer is no. @CodesInChaos offered better ideas for handling key compromises
-
-
@bascule@jedisct1@CodesInChaos following CurveCP closely makes it easier to critique and improve. This is a draft protocol. -
@hintjens@jedisct1@CodesInChaos have you published a spec or is the spec CurveCP? - End of conversation
New conversation -
-
-
@bascule@jedisct1@hintjens Very similar to CurveCP, including dubious use of C->S for client authentication. See https://codesinchaos.wordpress.com/2012/09/09/curvecp-1/ … -
@CodesInChaos@bascule@jedisct1 I've posted a comment on your article. I don't see how the vouch is vulnerable to replay. -
-
@CodesInChaos@bascule@jedisct1 ack, but I don't understand how the vouch can be seen by the attacker -
-
-
@CodesInChaos@hintjens@jedisct1 haha, wonder when there will be HSMs with box support ;)
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.