how can I properly secure small anonymous UDP transmissions?
I don't know what you mean by this. Are you sure you mean anonymous?
Well, what I meant by anonymous was that they're connection-less, and with the nature of UDP, the tracker can't be quite sure that they are who they claim to be.
Here's a simple thing: when your "agents" connect to the server, have the server create a symmetric key (e.g., 3DES) and send it back to the client. When your clients send UDP packets, have them encrypt it first. Your server will have to keep a list of the keys, and map it to IP address or other plaintext identifier in the UDP message. That breaks anonymity.
Right, this is something along the lines of what I was thinking. I'm wary about locking the protocol to a specific cipher though, but maybe the server could default to use the cipher that was negotiated between the tracker and the server during the TLS registration phase. Does that sound doable?
Or your agents can encrypt the UDP data using the server's public key. The server then RSA decrypts each packet. That preserves anonymity. Without crypto hardware it is going to take too much CPU time.
By that last part, you mean to say that this scheme would not be feasible unless crypto hardware is in place? Is RSA that intensive? Each transmission here would probably be some 50-100 bytes, once a minute, set to scale for a few thousand servers per tracker.
Thanks for the reply,
Axel Andersson
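An added example, not part of the original thread: the per-agent key scheme discussed above, with the key issued at registration and looked up by a plaintext identifier in each datagram. It authenticates each datagram with HMAC-SHA256 from the Python standard library instead of encrypting it with 3DES, and adds a counter so a captured datagram cannot be replayed. The names `Tracker` and `seal`, the header layout and the sample payload are assumptions made for the example.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32                  # HMAC-SHA256 output size
HDR = struct.Struct("!IQ")    # assumed layout: agent id, message counter

class Tracker:
    """Server side: issues keys at registration, verifies datagrams."""
    def __init__(self):
        self.keys = {}        # agent_id -> per-agent secret
        self.last_seen = {}   # agent_id -> highest counter accepted

    def register(self, agent_id):
        # Assumed to run inside the TLS registration session, so the
        # key never crosses the network in the clear.
        self.keys[agent_id] = os.urandom(32)
        self.last_seen[agent_id] = 0
        return self.keys[agent_id]

    def verify(self, datagram):
        """Return (agent_id, payload), or None if the datagram is rejected."""
        if len(datagram) < HDR.size + TAG_LEN:
            return None
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        agent_id, counter = HDR.unpack_from(body)
        key = self.keys.get(agent_id)      # plaintext id selects the key
        if key is None:
            return None
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                    # forged or corrupted
        if counter <= self.last_seen[agent_id]:
            return None                    # replayed, stale or reordered
        self.last_seen[agent_id] = counter
        return agent_id, body[HDR.size:]

def seal(key, agent_id, counter, payload):
    """Agent side: header + payload + HMAC-SHA256 tag over both."""
    body = HDR.pack(agent_id, counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

if __name__ == "__main__":
    tracker = Tracker()
    key = tracker.register(7)
    pkt = seal(key, 7, 1, b"players=12;map=dm1")   # constructed sample payload
    print(tracker.verify(pkt))   # accepted
    print(tracker.verify(pkt))   # same datagram again: rejected as a replay
```

The payload stays readable on the wire here; confidentiality would need an authenticated cipher keyed the same way.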