Re: (eternity) Service denial attacks on Eternity
WHO REGISTERED ME TO THIS MAILING LIST?
CAN YOU TELL ME HOW TO REMOVE MYSELF FROM IT?
I WILL MAD!
OH GOD! TOO MANY EMAILS!
At 04:51 PM 1/12/98 +0000, Ross Anderson wrote:
>Tim May wrote:
>> It is also likely in the extreme that a working Eternity service will
>> quickly be hit with attackers of various sorts who want to test the limits
>> of the service, or who want such services shut down.
>Exactly. When I first talked about Eternity, which was at either the
>1994 or 1995 protocols workshop, I was walking back to my seat when
>Bob Morris (then at the NSA) said, from behind his hand in a stage
>Adam Back added:
>> the spooks / feds have a history of posting their own child porn if
>> none is available to seize
>Indeed, and a decade or so ago there was a scandal when it turned out
>that the spooks were using the Kincora Boys' Home in Belfast as a pedo
>brothel in order to entrap various local politicians. For them to say
>now that they need key escrow to suppress Kiddyporn is a bit rich!
>However the main threat is the court order - Anton Piller or whatever
>- and the best weapon against court orders is anonymity. If they don't
>know your address they can't serve you the order or arrest you for
>> I can imagine *use* of the service becoming a felony
>I mentioned in the paper that Mossad might deny Eternity service to
>the Muslim world by posting something rude about the Prophet Mohammed.
>One must of course create a lawful excuse for people to have Eternity
>software mounted on their system. Maybe in addition to the `public'
>Eternity service we should have many corporate or even private
>services, many of which have escrow capabilities and are thus clearly
>law-abiding and accountable :-)
>There are many other possibilities. One topic that oozes into my
>consciousness from time to time is that one might integrate covert
>communications and storage with an anti-spam mail program - maybe a
>natural way forward if Adam hides Eternity traffic in spam!
>> Great idea, but where are the customers?
>Some 90% of security research effort is on confidentiality, 9% on
>authenticity and 1% on availability. Corporate infosec expenditures
>are exactly the other way round, and tools to enable disaster recovery
>databases to be spread holographically over a company's PCs could save
>a fortune compared with the cost of some current arrangements. If a
>few of these backup resources have hidden directories that mount the
>public Eternity service, then who can tell?
>At the Info Hiding Workshop at Portland in April, I will present a new
>idea which may facilitate such implementations of Eternity. This is
>the Steganographic File System - designed to provide you with any file
>whose name and password you know. If you don't know this combination,
>then you can't even tell that the file is there. We do not need to
>make any assumptions about tamper resistance; it can be done using
>suitable mathematics. (This is joint work with Roger Needham and Adi
>PS: we need a better word for `eternityspace', and Bell Labs have
>already trademarked `Inferno'. So what - Nirvana? Valhalla?