> How about this, which is simpler:
> A->B what's my ip (same as above)
> B->A a.b.c.d (same as above)
> A->C connect to a.b.c.d and say 'foo'
> C->a.b.c.d: foo
>
> If A receives 'foo' from C, then a.b.c.d can be assumed to be valid.

True, that is simpler.  I've just realised the flaw, however, that both
your and my schemes have:  We never actually check that C is using a.b.c.d
to contact A.  Which is, after all, the whole point.

For example, "A->C connect to a.b.c.d and say 'foo'" may as well just be
"A->C reply to me and say 'foo'" - if C is evil and in league with B it
may not use a.b.c.d to contact A, but just use A's return address instead.
In which case we don't know if a.b.c.d is valid (we just reckon it
probably is given that B!=C, but this scheme is no better than asking A->B
what is my ip and A->C what is my ip and believing them both if they give
the same answer).
And even then I guess it could be spoofed.

I think the original scheme (the one I posted several months ago) wasn't
affected by this problem, although it was affected by the 'but you can't
connect to your own external IP address' technical issues.

I'll keep thinking.
_______________________________________________
devl mailing list
[EMAIL PROTECTED]
http://hawk.freenetproject.org:8080/cgi-bin/mailman/listinfo/devl
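The exchange discussed above, as an added example that is not part of the original post or of the Freenet code base: a toy simulation of the A->B, B->A, A->C, C->a.b.c.d check. It assumes a model network in which a "connection" is just a message delivered to whoever is registered at an address, tagged with the sender's address (what the receiver would see as the source IP); the node addresses are constructed values from the RFC 5737 documentation ranges, and B and C each come in an honest and a dishonest variant. It shows the flaw the message identifies: a C that ignores a.b.c.d and simply dials A's return address delivers 'foo' just the same, so A accepts a bogus address whenever B and C cooperate.

```python
"""Toy model of the 'what's my IP' verification exchange (constructed example).

A 'connection' is a message delivered to whoever listens at an address; the
receiver records the sender's address as the source it saw.  Not Freenet code.
"""
from dataclasses import dataclass, field

A_ADDR = "192.0.2.10"        # A's true external address (constructed, RFC 5737)
B_ADDR = "198.51.100.20"     # constructed
C_ADDR = "198.51.100.30"     # constructed
BOGUS_ADDR = "203.0.113.99"  # what a lying B reports (constructed, nobody listens)


@dataclass
class Node:
    name: str
    addr: str
    inbox: list = field(default_factory=list)  # (source_addr, payload) pairs


class Network:
    """Delivers messages by destination address; False when nobody listens there."""

    def __init__(self):
        self.by_addr = {}

    def add(self, node):
        self.by_addr[node.addr] = node

    def connect(self, src, dst_addr, payload):
        dst = self.by_addr.get(dst_addr)
        if dst is None:
            return False  # in the real world this might be some unrelated host
        dst.inbox.append((src.addr, payload))
        return True


def run_check(b_lies, c_colludes):
    """Run the four-step exchange; return (claimed_addr, a_accepts, claim_correct)."""
    net = Network()
    a, b, c = Node("A", A_ADDR), Node("B", B_ADDR), Node("C", C_ADDR)
    for n in (a, b, c):
        net.add(n)

    # A->B "what's my ip": B sees the source address of A's connection.
    net.connect(a, b.addr, "what's my ip")
    seen_by_b = b.inbox[-1][0]
    # B->A a.b.c.d: an honest B reports what it saw; a lying B reports anything.
    claimed = BOGUS_ADDR if b_lies else seen_by_b

    # A->C "connect to a.b.c.d and say 'foo'": C also sees A's return address.
    net.connect(a, c.addr, f"connect to {claimed} and say 'foo'")
    return_addr = c.inbox[-1][0]
    # Honest C dials the address it was told.  A colluding C ignores a.b.c.d and
    # dials A's return address instead; this is the gap the message points out,
    # because A never learns which address C actually used.
    target = return_addr if c_colludes else claimed
    net.connect(c, target, "foo")

    a_accepts = any(payload == "foo" for _, payload in a.inbox)
    return claimed, a_accepts, claimed == A_ADDR


def flaw_demonstrated():
    """True if some combination makes A accept an address that is not its own."""
    return any(
        accepted and not correct
        for lies in (False, True)
        for colludes in (False, True)
        for _, accepted, correct in [run_check(lies, colludes)]
    )


if __name__ == "__main__":
    for lies in (False, True):
        for colludes in (False, True):
            claimed, accepted, correct = run_check(lies, colludes)
            print(f"B lies={lies!s:5} C colludes={colludes!s:5} "
                  f"claimed={claimed:14} A accepts={accepted!s:5} correct={correct}")
```

Running it prints one line per scenario: with an honest B the check passes and the address is right; with a lying B and an honest C the 'foo' never reaches A and the bogus address is rejected; with a lying B and a colluding C, A still receives 'foo' and accepts the bogus address, which is exactly why the reply in the message says the scheme is no stronger than asking B and C separately and trusting them when they agree.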