[freenet-support] Warning: Deprecation of pre-1010 broken crypto keys
Matthew Toseland
toad at amphibian.dyndns.org
Tue May 22 18:10:14 UTC 2007
Unless there are vigorous objections, the next build of Freenet will have
allowInsecureSSKs set to default to false. What this means is that unless you
change the option, you cannot access freesites or SSK/USK files inserted
using insecure crypto, i.e. inserted with keys generated before 1010.
However, at a network level they will remain, for now, as will CHKs, for now.
PLEASE migrate your freesites. If you particularly value a freesite which
isn't your own, but isn't likely to be updated, migrate it yourself! You can
always make clear that it's a mirror.
The plan is for the next build (1035) to have allowInsecureSSKs=false, the one
after it to have allowInsecureCHKs=false, and then for the code and the
network-level support for insecure keys to be deleted some time later (on a
scale of months probably). Code which only exists to replicate past
insecurity for backwards compatibility's sake has no place in Freenet!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://emu.freenetproject.org/pipermail/support/attachments/20070522/d68c7c12/attachment.pgp
More information about the Support
mailing list