Secrecy of public keys

Guus Sliepen guus at tinc-vpn.org
Fri Jun 25 23:02:44 CEST 2021


On Fri, Jun 25, 2021 at 12:30:46PM -0700, Sean Whitton wrote:

> On Fri 25 Jun 2021 at 09:13PM +02, Guus Sliepen wrote:
> 
> > The public key should of course never have to be kept secret.
> > The new protocol in tinc 1.1 is not vulnerable to this issue.
> >
> > Note that both the old and new protocol are designed such that the
> > public keys are never made public by tinc itself: you couldn't connect
> > to a tinc daemon and get it to tell you the public key, unlike say
> > SSH.
> 
> Thank you for your reply.  Very helpful.  May I ask why the new protocol
> refuses to share the public key, if it is truly not a secret?  Just that
> it's not necessary?

It's indeed not necessary, and just adds some extra defense.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>