[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SSL ACKs vs. Anonymity (was Re: SSL trouble)

Having ACKs from the people cracking your SSL exchange is fun; it
provides feedback on whether your code is working, allows the
volunteers to see their name in lights, and gives you this nice warm
feeling that progress is being made. In server-allocation schemes, it
also provides an optimization: no need to hand out chunks that have
been ACKed.

Not having ACKs provides anonymity to those who are performing the
crack. The only two agents who have issues of anonymity to consider
are: the one presenting the challenge (and its prize), and the one
that gets the solution (and its prize).

Perhaps anonymity is unimportant for toy problems: so far, Hal has not
complained that Agent 86's CCNs have been spread all over the Net. I
can imagine a "real" challenge being a much more serious affair. Do
you really want to be caught talking with www.brute.cam.cl.ac.uk for
two days straight just before someone posts Louis Freeh's American
Express number to alt.credit-cards.exploit?