On Fri, Dec 29, 2000 at 12:36:36PM -0800, Ian Clarke wrote:
> On Fri, Dec 29, 2000 at 03:47:37AM -0600, Brandon wrote:
> > Not a problem if you have always-on Internet access, which not everyone
> > does. I consider having to periodically update a guessable key to be not
> > totally acceptable for a number of reasons. Not only do you have to have
> > regular Internet access, but it also provides a way to track a
> > publisher. If you're inserting updates from the same node it might be
> > possible to incrementally track you down one hop at a time. This attack
> > only requires the ability to snoop one connection at a time, not total
> > surveillance over the whole network. Key hashing doesn't help since
> > the next key to be inserted is known. Connection encryption doesn't help
> > since a MITM attack can be done on each connection between nodes. PKI
> > helps somewhat, but irregular updates help a lot.
>
> Er, this is somewhat tenuous to say the least, PK is the solution to
> this, not irregular updates. I hope this isn't the best reason you can
> come up with for irregular updates?
Irregular updates allow totally random updating of data. It is far
more flexible than pseudoupdating, and it easier to use and less of a
kludge than pseudoupdating.
--
Travis Bemann
Sendmail is still screwed up on my box.
My email address is really [EMAIL PROTECTED]
PGP signature
