[RC5] client protocol security

Richard Freeman rfreeman at netaxs.com
Wed Nov 19 10:50:27 EST 1997

On Wed, 19 Nov 1997, Adam Rotaru-Varga wrote:

>   Hi to all cows--
>   I'd like to raise the question of the reliability of the communication
> protocol between the clients and the keyserver(s). I suppose there must be
> some authorization/encoding scheme, otherwise anyone could connect and
> give some fake replies (like "I completed this-and-this block" when in
> reality it didn't). Of course, there's no reason why someone should do
> this, apart mere bad intention or boosting the stats, but it could
> undermine the whole project. 
>   Is the authorization good enough?

I'm all into signatures and all that - but I still don't see how this is
possible.  Sure, you could make the exchange complicated to deter
spammers, but you could never rule it out, especially with source code.
Whatever code authenticates the client could just be duplicated by a
spammer to authenticate their program.  The only possability would be to
generate keypairs and make each user download one.  Then you would be able
to determine who sent in what blocks with high certainty.  You could then
watch out for people sending in what looks like too much progress - but
this is hardly foolproof - it only prevents somebody from spamming 8000

Again, somebody would probably be able to download a whole bunch of
keypairs and set up a whole bunch of low-scale spammers to get by this
anyway.  Even if part of the source were not disclosed, this still does
not prevent reverse-engineering - which is not that difficult and is
impossible to prevent.

I think that spam is by far the greatest risk with distributed computing.
Unless you distributed to trusted systems over trusted lines of
communication you can't defeat it.

If there is some way to get around these limitations let me know...

Richard T. Freeman <rfreeman at netaxs.com> - finger for pgp key
3D CB AF BD FF E8 0B 10 4E 09 27 00 8D 27 E1 93 
http://www.netaxs.com/~rfreeman - ftp.netaxs.com/people/rfreeman

To unsubcribe, send 'unsubscribe rc5' to majordomo at llamas.net
rc5-digest subscribers replace rc5 with rc5-digest

More information about the rc5 mailing list