Subject | Re: [Firebird-Architect] RC4 |
---|---|
Author | Olivier Mascia |
Post date | 2010-11-14T22:38:09Z |
Le 14 nov. 2010 à 19:39, Jim Starkey a écrit :
—
Olivier Mascia
> Here is the architecture:Well, this is SSL/TLS principle. Wouldn't it be preferable to re-use SSL/TLS? What rationale commands to design and implement a private scheme for exchanging the initial random session keys?
>
> 1. Servers generate RSA key pairs at startup time. They may, if they
> wish, generate new key pairs anytime they wish.
> 2. On first connection to a server, the client is given the server's
> public key and a list of supported encryption algorithms.
> 3. The client selects an algorithm, generates a one-time session key
> using a secure random number generator, encrypts the algorithm
> type and session key using the server's public key, and sends the
> gook to the server
> 4. The server decrypts the gook with its private key.
—
Olivier Mascia