On Thursday 31 August 2006 12:21, you wrote: > so the messages themself are not encrypted?
No - they don't need to be, since Freenet does the encryption and we don't share either SSK with anyone but the other party. It's irrelevant anyway, since if a sender did pick up the fake mailsite, the sender would end up encrypting with the attacker's public key anyway. At this point it's probably worthwhile to add that this attack only affects channel setup. Once you've exchanged messages with someone, you've set up a channel both ways, and you're not vulnerable to this. The only effect that this attack could possibly have is that you set up a channel to the wrong person. Either all your messages to that address will go to the real person, or they'll go to the attacker - never both. Dave > > On 8/31/06, Dave Baker <dbkr at freenetproject.org> wrote: > > > > I assume he means by doing that, you'll get messages directed to those > > addresses. This was a massive part of the design consideration when > > implementing KSK addresses, and the conclusion was that no - it shouldn't > > happen, for the reason that routing in 0.7 is quite good, so anyone > > sending a > > mail to those addresses, when they look up the mailsite, their request > > will > > be routed to the correct location in the network (where the genuine > > mailsite > > is) rather than the spoofed one which is in an arbitrary place in the > > network. > > > > This is why KSK addresses are only 'probably' secure. :) To thwart this > > attack, just use your long, secure address. > > > > > > Dave > > > > On Thursday 31 August 2006 11:29, Marco K?hnel wrote: > > > i just read this on frost (german board) > > > > > > i will translate it :-) > > > > > > > > > setup 3 local nodes and connect them to work as a small darknet > > > create 2 freemail addresses > > > > > > send a test mail if succeeded goto freenet-refs and connect to other > > nodes > > > (to the public net) > > > with some luck you get the messages from the registered addresses > > > > > > so is this true? > > > > > > > > > greetz > > > > > > 1) anything at germany.freemail > > > 2) anything at dbkr.freemail > > > > > > > > > test-mail senden, wenn die adressen frunzen, gehe nach #freenet-refs > > pwne > > > noobs. ;) > > > verbinde dein 3-knoten-darknet mit anderen knoten (dem 'public' darknet) > > > > > > mit etwas gl?ck bekommst du nun nachrichten, die an diese adressen > > gerichtet > > > werden. > > > > > > das problem ist hinl?nglich aus frost bekannt -> nachrichtenkollision > > > (verschiedenen nachrichten auf dem > > > selben KSK). > > > > > > > > > sch?ne gr??e. > > > euer B?ser Bube :) > > > > > _______________________________________________ > > Freemail mailing list > > Freemail at freenetproject.org > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/freemail > > >
