On Wed, Jan 9, 2013 at 9:48 AM, Michael Rogers <[email protected]> wrote: > But I have to admit that I can't think of a way for the endpoints to > signal to each other that OpenPGP keys should be used to authenticate > the connection, without signalling the same to an eavesdropper. Any > thoughts?
Allow OpenPGP only? Avoid identifying the signing key and force the client to iterate through key types until it finds a match? The options might be crazy, but they meet the stated need. _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
