[RC5] Help! I'm flooded with clients!

Jeremiah Gowdy jgowdy at home.com
Sun Jan 16 14:16:48 EST 2000


> This has been suggested in the past, and the replies have generally been
> that it's too much of a security risk. Personally, while I probably
wouldn't
> use this on most computers, it would be very handy, and I'd be interested
in
> giving it a try. There are probably things that can be done with PGP
> (ironic, using an encryption scheme to verify a code-crunching utility) to
> ensure that all files are properly signed by dnet . . . presumably the
worst
> that could happen would be someone installing an old version of the client
> on your machine (EGADS! NO!) or possibly someone installing a broken
version
> of the client on your machine somehow. Both of these are improbable IMHO,
> you'd have to pull off some nice IP spoofing to manage it.

Since the client would be initiating a connection to the IP address, rather
than the other way around, I'd be *very* impressed to see someone spoof like
that.  I agree with what you're saying there, a PGP key system could be used
to validate the clients.  AND I was thinking, the autoupdate feature could
be optional and disabled by default.  I too am very interested in this

--
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest



More information about the rc5 mailing list