On Fri, Dec 29, 2000 at 03:47:37AM -0600, Brandon wrote:
> Not a problem if you have always-on Internet access, which not everyone
> does. I consider having to periodically update a guessable key to be not
> totally acceptable for a number of reasons. Not only do you have to have
> regular Internet access, but it also provides a way to track a
> publisher. If you're inserting updates from the same node it might be
> possible to incrementally track you down one hop at a time. This attack
> only requires the ability to snoop one connection at a time, not total
> surveillance over the whole network. Key hashing doesn't help since
> the next key to be inserted is known. Connection encryption doesn't help
> since a MITM attack can be done on each connection between nodes. PKI
> helps somewhat, but irregular updates help a lot.
Er, this is somewhat tenuous to say the least, PK is the solution to
this, not irregular updates. I hope this isn't the best reason you can
come up with for irregular updates?
Ian.
PGP signature
