[Nym3-devel] Account creation and proof of work.
Laurent Fousse
laurent at komite.net
Sun Apr 10 19:07:24 CEST 2005
Hi,
I thought I had already send an email some times ago about the proof
of work system which is still unspecified, but I didn't find it in the
archive. Whatever.
My current feeling is that the PW (proof of work) field for the CREATE
command (section 4.3.1) is useless. We already check that the whole
account creation message is not bogus by using the signature in the
header. So when the server gets this message it is already "proven"
that the identity key works. My suggestion is that we drop the PW
field here.
In the first CREATED command sent by the server, there can be an
optionnal challenge. I suggest the following:
- if the challenge is empty, then the account has been created.
The creation handshake is completed. This can happen right after
the CREATE command (in which case no proof-of-work was required
of the user), or after a CREATED2 command if the user answered
the challenge correctly.
- if the challenge is not empty, name it C. The client should
consider C the RSA-OEAP encryption of M for the encryption key
given in the NEWPK command. The answer to the challenge is
SHA1(M).
Comments?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.noreply.org/pipermail/nym3-devel/attachments/20050410/49f682fd/attachment.pgp
More information about the Nym3-devel
mailing list