[rc5] SOURCE CODE AND REQUESTS FOR OTHER PLATFORMS

Seth D. Schoen sigma at ishmael.nmh.northfield.ma.us
Sun Jun 22 02:08:42 EDT 1997


> if someone is willing to put up a v1-to-v2 proxy/convertor

Doesn't such a conversion proxy contradict the idea behind expiring v1
clients in the first place?  Aren't v1 clients being expired _because_
their source is available and it's feared they could be used for
spoofing?  Or is it just because they're slow? :-)

If v1 clients are expired because of a fear that

- someone with the source to a v1 client can generate large numbers
of false reports to jeopardize the success of the project
- someone with the source to a v1 client can replace the keychecking
routine with a "return 0" and log keyblocks assigned (testing them
at a later date as good candidates, since "rc5 participants have
eliminated so many other keys for me....")
- someone with the source to a v1 client can replace the network code
with code which would simply decline to tell Bovine if the key was
found, and then dishonestly claim the whole $10,000 for himself before
anybody could do anything about it

then it would violate the whole point of expiring v1 clients to allow
anyone to operate a v1 to v2 translating proxy -- since somebody with
a v1 client could easily pull any of the above "schemes" in conjunction
with a converting program, even without the collusion or knowledge of
the proxy's operator.  For instance:

- user with v1 client generates false reports, sends them to proxy, which
accepts the (v1 protocol) reports
- user with v1 client uses proxy to get lots of keyblocks, checks them
later, using others' work
- user with v1 client sets client not to notify proxy if key is found

In other words, operating this proxy to translate protocol versions
means that if v1 is insecure and untrusted, v2 would also become
insecure and untrusted.  (Or v3, if that's the protocol version under
consideration.)  If anything which can be expressed in v1, and possibly
misrepresentationally expressed in v1 by means of modifying source,
will be unconditionally accepted by a v1 server which is also a valid
v2 client, then anything can be misrepresentationally expressed in v2
by someone who merely has source for v1 and modifies it (!)

If, on the other hand, v1 clients are being expired not for security
reasons, but for speed reasons, the fact that many people seem prepared
to drop out of the Bovine effort when v1 clients are expired would
probably lead to a bigger keyrate loss than merely allowing v1 clients
to continue and requesting people not to use them.  Or "intermittent
protocol outages" for v1 users _intentionally_ giving them a slightly
lower keyrate would motivate all competitive users who wouldn't mind
running v1 with a strong upgrade incentive -- while still allowing
those with security and philosophical objections to running precompiled
binaries to make _some_ contribution to the project.

My bottom-line conclusion: either the v1 protocol should not be expired,
or developers should not be permitted to develop the proxy converter
which is being discussed.  Sorry to anybody who is planning to use it... :-)
Can anybody clarify specifically the reasoning behind making the old
clients stop working eventually?  I joined the list late (after
DESCHALL) and might have missed it.

-- 
Nothing is more dangerous for man's private morality than the habit of
commanding.  The best man, the most intelligent, disinterested, generous,
pure, will infallibly and always be spoiled at this trade.
            -- Mikhail A. Bakunin (thanks to Rabbi Albert Axelrad)