On Fri, Jun 25, 2021 at 12:30:46PM -0700, Sean Whitton wrote:

> On Fri 25 Jun 2021 at 09:13PM +02, Guus Sliepen wrote:
>
> > The public key should of course never have to be kept secret.
> > The new protocol in tinc 1.1 is not vulnerable to this issue.
> >
> > Note that both the old and new protocol are designed such that the
> > public keys are never made public by tinc itself: you couldn't connect
> > to a tinc daemon and get it to tell you the public key, unlike say
> > SSH.
>
> Thank you for your reply. Very helpful. May I ask why the new protocol
> refuses to share the public key, if it is truly not a secret? Just that
> it's not necessary?

It's indeed not necessary, and just adds some extra defense.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <[email protected]>
