Andrew Glazebrook andgla at hna.com.au
Mon Jun 23 13:04:55 EDT 1997

On Sun, 22 Jun 1997 13:01:34 -0500, Colin L. Hildinger wrote:

>OK, I have an idea:
>Create a separate proxy server that is for 1.0 clients only.  All
>blocks going to this server are given a lower "trust" level than the
>blocks going to the 2.0 server.  In the unlikely event that we reach
>100% completion w/o finding the key, these blocks would be the first to
>be rechecked, along with all other blocks checked by 1.0 clients. 

A good option. Something which has occurred to me, is why not just make
sure that those who use the special v1 key server have registered with
some sort of a confirmed as "good guys" database. It is only a few people
who will be actively causing the problems, and making them register would
discourage many of them (and if the IP address isn't registered, the v1
key server just refuses to give them any keys). Perhaps calling it a v1.1
key server would be better :-). Marking the blocks as you suggest would
then be an excellent way of ensuring that even if someone does abuse it,
then it wouldn't be too fatal.

I'd also put in place a limit of how many blocks each one of these
registered people can get - if they have been taking part properly in the
effort in the past, pretty well let them get as many as they want (though
a limit would still be worthwhile in case they turned rogue later on), and
those who are completely new to the effort get limited to some minor
amount (say 10 to 50 blocks an hour). Then over time, their rating
increases (say from the 10 blocks an hour to 1000 blocks an hour or double
their average block/hour speed - whichever is smallest). Also, rather than
just saving all these "semi-checked" blocks up for later, I'd look at
re-issuing about 5-10% of them again amongst the other v1.1 proxy users.
Whatever the security obscurity method that they were using in v1
(including some blocks which the client has to return as "the key" even
when it isn't) could be increased to one block in a 100 (I've no idea what
it is set at currently).

If these rogue net users that want to ruin the effort are doing it for a
challenge, I think that they would probably turn their efforts towards the
much bigger "prize" of sending bad blocks through the v2 servers. If they
are simply immature runts, I think the registration business would
discourage them greatly. The clients could be made 100% available to those
who want/need full access, and everyone is happy (except the people who
will have to manage this v1.1 key server, as they will have to keep
checking the logs occasionally for abusers).

Also, since these people with security concerns are likely to have
dedicated IP addresses, that should be a requirement. It would probably
also be worthwhile making it that the PPKS don't work with the keyserver
v1.1 (or if they do, it is only with people who have e-mailed for
permission, and who can assure the organisers that it will be securely
placed inside of their organisation - if that is possible). Though,
assuming that the database of "registered" people is secure, then the
locations of people running the PPKS for their own networks should be
obscure enough to be reasonably safe (though I suppose it wouldn't be hard
to try the appropriate port on the top 100 hosts to see if they are
running a PPKS - perhaps this could be avoided by not listing "registered"
hosts, only their e-mail team and perhaps sticking them all together as one
address, or maybe just allocating them anon<x> addresses to go in the host
listings rather than a genuine host address).

Anyway, just some thoughts on the matter. I suppose what it really comes
down to, is how much effort the organisers are willing to put in to keep
those people who must have access to the client source code.
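
The registration check, growing hourly quota and partial re-issue proposed in this message, sketched as an added example; it is not part of the original post or of any actual key server code. The class and method names, the 5% default re-issue rate, and the choice never to drop a quota below the starting allowance are assumptions.

```python
import random

NEW_QUOTA = 10    # blocks/hour for a new registrant (the post suggests 10 to 50)
MAX_QUOTA = 1000  # ceiling suggested in the post

class V11KeyServer:
    """Hypothetical allocation policy for the proposed v1.1 key server."""

    def __init__(self, registered_ips, recheck_rate=0.05, rng=None):
        self.quota = {ip: NEW_QUOTA for ip in registered_ips}
        self.issued = dict.fromkeys(registered_ips, 0)     # handed out this hour
        self.completed = dict.fromkeys(registered_ips, 0)  # returned, all time
        self.hours = 0
        self.low_trust = {}          # block id -> IP that first checked it
        self.recheck = []            # (block id, first IP) awaiting a second check
        self.double_checked = set()  # blocks a second registrant has returned
        self.recheck_rate = recheck_rate  # the post suggests 5-10%
        self.rng = rng or random.Random()

    def request_block(self, ip, next_block):
        """Return a block id, or None if the IP is unregistered or over quota."""
        if ip not in self.quota or self.issued[ip] >= self.quota[ip]:
            return None
        self.issued[ip] += 1
        # Serve a queued re-check first, never to the client that checked it.
        for i, (block, first_ip) in enumerate(self.recheck):
            if first_ip != ip:
                del self.recheck[i]
                return block
        return next_block

    def report_done(self, ip, block):
        """Record a returned block; sample first-pass blocks for re-issue."""
        first_ip = self.low_trust.get(block)
        if ip not in self.quota or first_ip == ip:
            return  # unregistered sender or duplicate report: ignore
        self.completed[ip] += 1
        if first_ip is not None:
            self.double_checked.add(block)  # second, independent check
            return
        self.low_trust[block] = ip
        if self.rng.random() < self.recheck_rate:
            self.recheck.append((block, ip))

    def end_of_hour(self):
        """Set quotas to min(MAX_QUOTA, 2 x average blocks/hour); reset counters."""
        self.hours += 1
        for ip in self.quota:
            avg = self.completed[ip] / self.hours
            # Assumption: the quota never drops below the starting allowance.
            self.quota[ip] = max(NEW_QUOTA, min(MAX_QUOTA, int(2 * avg)))
            self.issued[ip] = 0
```
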
