On Sat, Feb 6, 2010 at 8:16 AM, Michael Rogers <m.rogers at cs.ucl.ac.uk> wrote: > Matthew Toseland wrote: >>> The inserter has a practically unlimited number of attempts to >>> insert a KSK that the attacker hasn't already squatted, by >>> inserting redirects to the same data (it's not necessary to >>> reinsert the data) and turning the keys of the redirects into KSKs. >>> >> >> It's not unlimited, unless you want each requestor to fetch all the >> attacker's redirects, and the content they point to, first. That can >> be limited *to a degree* by implementing enforced checksums at the >> top block metadata. > > The inserter knows when an insert has succeeded, and only gives the > successful KSK to other people, so the requesters only need to try one key. > >>> Each KSK is unguessable in advance by the attacker, who can only >>> squat them by seeing the redirect being inserted and inserting >>> KSK at sha1/hash_of_the_key_of_the_redirect before the inserter does. >> >> Basically it's the classic KSK war, just like with chat, assuming the >> attacker can guess the content. The attacker inserts once for each >> slot; everyone fetching it fetches all the slots, multiplying his >> effort. > > They only request the successful one, so the squatted ones fall out of > the network.
In which case, the KSK isn't actually the SHA of the final data... Evan Daniel
