[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DoS assault



While looking at this new california AWR form (assault weapon
registration), some obvious crypto thoughts came to my mind:

There is no positive sender authentication, except for the driver
license number.

Now, my understanding of the law is that a possesion of a DL is not the
prerequisite for owning a gun. So the field can be left blank.

Now, without DL #, all that is left is name and address.

Suppose that few malcreants decide to flood the receiving department
with fake AWRs, say hundreds of thousands. I am sure that residents'
addresses and names can be bought/found cheaply (maybe DMV would offer
volume discount ?).

So suddenly most of CA residents appear to have registered assault
weapons. The real owners are also registered (maybe twice ?). What this
attack would do is make impossible singling-out real owners without
physical verification.

The point of all this is that the state has obviously no expertise
whatsoever in handling these issues. Registering should involve
authentication methods that disable flooding attacks. One more reason
for implanted state ID.

Now, the real point of the above is that gun registration is one step
towards hard-to-forge implanted state ID, and that is a valid reason to
oppose it.