is this really a security issue? if 2 peers disagree on their KEYP, the worse that could happen is a failure to establish the connection. i fail to see how a third party could exploit this divergence to "sneak a cert into the chain" while keeping the KEYP intact.
DC++ follows the spec in this regard; this should be discussed with ADC maintainers to decide whether taking the cert chain into account is indeed necessary. adc.svn. sourceforge. net/viewvc/ adc/trunk/ ADC-EXT. txt?r1= 34&r2=33& pathrev= 34>
rev 34 of ADC might be relevant: <http://
is this really a security issue? if 2 peers disagree on their KEYP, the worse that could happen is a failure to establish the connection. i fail to see how a third party could exploit this divergence to "sneak a cert into the chain" while keeping the KEYP intact.