On Mar 31, 2008, at 6:44 AM, James A. Donald wrote:
Better still, have a limited supply of tickets that enable one to
construct the convergence key. Enough tickets for all normal usage,
but not enough to perform an exhaustive search. [...]
If you give the ticket issuing computers an elliptic point P, they
will give you the corresponding elliptic point k*P. If, however,
you ask for too many such points, they will stop responding.
This isn't a good design. It's incompatible with Tahoe's present
architecture, introduces a single point of failure, centralizes the
otherwise by-design decentralized filesystem, and presents a simple
way to mount denial of service attacks. Finally, since the
decentralization in Tahoe is part of its security design (storage
servers aren't trusted), you run into the usual quis custodiet ipsos
custodes problem with the ticket-issuing server that the present
system nicely avoids.
Cheers,
--
Ivan Krstić <[EMAIL PROTECTED]> | http://radian.org
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]