[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

"Denial of Clueless Service" Attacks



At 2:18 PM 10/11/95, Anonymous wrote:
>> Two years ago, I pointed out that getting a single message past
>> the man in the middle isn't good enough; you have to convince your
>> readers that the key they received on one channel is more accurate
>> than the key they're receiving on all the other channels.
>> But if they'll believe that, they may also believe the man in the middle's
>> announcement that the key in your name on all the keyservers is
>> wrong, and the correct key is the one he's putting out.
>> Can't win either way, but it's still important to get the key out.
>>
>> My current key is 0x54696D4D; the fingerprint is
>> 4D 65 44 75 53 61 21 2F   41 73 55 64 85 6D 21 7F.
>
>but this is not Tim May's key, his key is:
>
>pub  1024/54E7483F 1992/11/20 Timothy C. May <[email protected]> 11-20-92
>          Key fingerprint =  8C 79 1C 1B 6F 32 A1 D1  65 FB 5F 57 50 6D D3 28
>
>
>And this one is signed by these people:
>
>pub  1024/54E7483F 1992/11/20 Timothy C. May <[email protected]> 11-20-92
>sig       0022E52D             Eric Hughes <[email protected]>
>sig       DDBE0DD5             John T. Draper <[email protected]>
....

Indeed, this is not an effective MITM attack. The spoofer certainly cannot
read messages encrypted to my public key (though he can read messages
encrypted to the public key offered above in his message...not a new
situation). And he cannot sign messages that others can match to the keys I
gave them, or that got put into the web of trust.

So, what is it? Is it a "denial of service" attack? Not really.

It's a "denial of clueless service" attack, in that anyone who tries to use
that key and then send me stuff gets to have their stuff _thrown away_,
which is always helpful in the war against cluelessness. Good riddance.

--Tim May

Views here are not the views of my Internet Service Provider or Government.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."