Re: DOJ proposes US data-retention law.

2002-06-21 Thread ji
Under this proposed law, will ISPs have to scan *all* SMTP traffic and record the envelope, or only the traffic for which they actually do SMTP forwarding? If the latter is the case, we can simply go back to the original end-to-end SMTP delivery model; no POP/IMAP or any of that stuff. If the

RSA getting rid of trusted third parties?

2002-06-21 Thread Michael_Heyman
I came across this interesting announcement by RSA: http://www.rsasecurity.com/news/pr/2002/020619.html Particularly from the above announcement: By using this solution, customers' Web server certificates generated and issued by their RSA Keon Certificate Authority (CA) software are

Re: Shortcut digital signature verification failure

2002-06-21 Thread Adam Back
Doesn't a standard digital signature plus hashcash / client puzzles achieve this effect? The hashcash could be used to make the client consume more CPU than the server. The hashcash collision wouldn't particularly have to be related to the signature, as the collision would just act as a

Followup: [RE: DOJ proposes US data-retention law.]

2002-06-21 Thread Trei, Peter
Two points: 1. According to Poulson, the DOJ proposal never discussed just what would be logged. Poulson compared it to the European Big Brother legislation, which required storage to Web browsing histories and email header data. 2. After I posted the same info to /.

Re: Shortcut digital signature verification failure

2002-06-21 Thread bear
It's already been thunk of. Check the literature on hashcash. Basically, the idea is that the server presents a little puzzle that requires linear computation on the client's side (same algorithm as Minsky used for his time-lock). The client has to present the solution of the puzzle with

Re: Shortcut digital signature verification failure

2002-06-21 Thread Ed Gerck
A DoS would not pitch one client against one server. A distributed attack using several clients could overcome any single server advantage. A scalable strategy would be a queue system for distributing load to a pool of servers and a rating system for early rejection of repeated bad queries from

Re: RSA getting rid of trusted third parties?

2002-06-21 Thread Ian Clelland
On Fri, Jun 21, 2002 at 08:28:40AM -0500, [EMAIL PROTECTED] wrote: I came across this interesting announcement by RSA: http://www.rsasecurity.com/news/pr/2002/020619.html Particularly from the above announcement: By using this solution, customers' Web server certificates

RE: RSA getting rid of trusted third parties?

2002-06-21 Thread Michael_Heyman
From: Ian Clelland [mailto:[EMAIL PROTECTED]] Sent: Friday, June 21, 2002 2:48 PM On Fri, Jun 21, 2002 at 08:28:40AM -0500, [EMAIL PROTECTED] wrote: I came across this interesting announcement by RSA: http://www.rsasecurity.com/news/pr/2002/020619.html Particularly from the

Re: RSA getting rid of trusted third parties?

2002-06-21 Thread Greg Rose
At 11:48 AM 6/21/2002 -0700, Ian Clelland wrote: The trust model doesn't break down just because anyone can create a valid X.509 certificate. There still has to be a valid chain of trust leading back to a trusted party (RSA, in this case). If that trust is abused, then RSA can revoke your cert

Re: Shortcut digital signature verification failure

2002-06-21 Thread Pete Chown
Ed Gerck wrote: A scalable strategy would be a queue system for distributing load to a pool of servers and a rating system for early rejection of repeated bad queries from a source. You could also vary the amount of hashcash required depending on the number of bad signatures you are

RE: DOJ proposes US data-retention law.

2002-06-21 Thread Lucky Green
ji wrote: Under this proposed law, will ISPs have to scan *all* SMTP traffic and record the envelope, or only the traffic for which they actually do SMTP forwarding? If the latter is the case, we can simply go back to the original end-to-end SMTP delivery model; no POP/IMAP or any of

Re: RSA getting rid of trusted third parties?

2002-06-21 Thread Ian Clelland
On Fri, Jun 21, 2002 at 02:54:25PM -0500, [EMAIL PROTECTED] wrote: Maybe I am reading more into it than exists, but the bullet in the document says it will: Reduce help desk calls from end-users related to untrusted certificates. It makes sense, though, that a company should be able to

RE: Shortcut digital signature verification failure

2002-06-21 Thread Lucky Green
Bill wrote: I have been thinking about how to limit denial of service attacks on a server which will have to verify signatures on certain transactions. It seems that an attacker can just send random (or even not so random) data for the signature and force the server to perform extensive