5.1 Security Considerations for Implementers
A higher-layer application provides the server-role peer with the encryption algorithm, key size and the encryption key. The choice of the encryption algorithm and key size is one of the CryptoAlgoId field values specified in section 2.2.3.
The server-role peer generates an initialization vector suitable for the chosen encryption algorithm and uses the encryption key to encrypt the block using the chosen encryption algorithm. The server-role peer then records the chosen algorithm and the initialization vector in the message, as specified in section 2.2.5.3.
Server-role peers and client-role peers never send the encryption key to each other.
The client-role peer has a priori knowledge of the encryption key. Using the encryption algorithm and initialization vector it received from the server-role peer, it decrypts the block.
There is no other explicit authentication or authorization built into the protocol, except for the Utility Index strategies specified previously that can result in denial of service to peers currently considered untrustworthy.
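The encryption steps above, sketched in Go as an added example that is not part of this specification or of any implementation of it: the server-role peer draws a fresh initialization vector for each block and records only the algorithm and the initialization vector, and the client-role peer decrypts with the key it already holds. The BlockMsg record, the AES_128/AES_192/AES_256 labels and the use of CTR mode are assumptions of the example; this section names neither a cipher mode nor a wire layout.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// BlockMsg is a hypothetical record (not the 2.2.5.3 wire layout); no key field.
type BlockMsg struct {
	Algo      string // stands in for the CryptoAlgoId value; labels are assumed
	IV, Block []byte
}
var keyLen = map[string]int{"AES_128": 16, "AES_192": 24, "AES_256": 32}

// xcrypt rejects a key or IV whose size does not fit the chosen algorithm.
func xcrypt(algo string, key, iv, in []byte) ([]byte, error) {
	if n, ok := keyLen[algo]; !ok || n != len(key) || len(iv) != aes.BlockSize {
		return nil, fmt.Errorf("%s: key or IV size mismatch", algo)
	}
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	cipher.NewCTR(c, iv).XORKeyStream(out, in) // CTR mode is assumed here
	return out, nil
}

// ServerEncrypt draws a fresh random IV per block and records algo and IV.
func ServerEncrypt(algo string, key, plain []byte) (*BlockMsg, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	ct, err := xcrypt(algo, key, iv, plain)
	return &BlockMsg{algo, iv, ct}, err
}

// ClientDecrypt uses the key the client already holds plus the message fields.
func ClientDecrypt(m *BlockMsg, key []byte) ([]byte, error) {
	return xcrypt(m.Algo, key, m.IV, m.Block)
}

func main() {
	m, _ := ServerEncrypt("AES_128", []byte("constructed-key!"), []byte("constructed block"))
	fmt.Println(m.Algo, len(m.IV), len(m.Block))
}
```

Decrypting with a different key returns bytes without any error, which reflects the statement above that the protocol has no other built-in authentication.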