> What prevents someone from tampering freenet:KSK at blah by:
>
> 1. Finding the hash of the public key for the private key, hash("blah")
> 2. Locating that in your local node
> 3. Updating the encrypted text with the knowledge that the document name
> (encryption key) is "blah"
If you happen to have the file in your local node and it happens to be a
KSK then you can modify the copy in your local node.
As BC said, it would be easiest to just delete your datastore and then
insert your own copy of a given key.
The important counterpoints are as follows:
1) It won't work on keytypes other than KSK.
2) Changing your copy won't necessarily affect anyone else's copy. It may,
but it's statically improbable that your copy will win against the others.
3) KSKs are just pointers to to other files which provide a name. So all
you're really doing is misassociating a name, something that we have
to be robust against anyway since there are other ways to do this.
4) You're not exposing a flaw since this is common knowledge about KSKs.
The moral is, sometimes things are misleadingly named. I think the general
populice has already learned this lesson.
It's extra conveinent that we provide secure names which can't be spoofed
in addition to the normal spoofable names which many other systems such
as DNS and TCP/IP have.
_______________________________________________
Devl mailing list
Devl at freenetproject.org
http://lists.freenetproject.org/mailman/listinfo/devl
