REPOST : Un-forgeable Cancels

Dr.Dimitri Vulis KOTM dlv at bwalk.dm.com
Fri Aug 8 06:01:39 PDT 1997



jbaber at mi.leeds.ac.uk writes:

> Any comments/glaring weaknesses that I have missed?

Well, you missed crediting guys named Franz and Huusinen with proposing this
exact scheme a couple of years ago. You also missed my discussion on how to
allow the local admin to issue cancels as well.

I used to think this scheme is very cool.  Later I realized it had a serious
problem with forgeries in one's name.

Suppose X forges an article in Y's name, and specifies a cancel lock; then
Y can't cancel this forgery.

The retraction server which David is reported to be working on doesn't
rely on passwords to authenticate Y; if Y can demonstrate the ability
to receive a cookie sent to Y, then the server can issue a signed 'hide'
NoCeM for an article that purports to be from Y.  Works for forgeries too.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
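
The forgery problem described in the message above, and the cookie-based retraction it contrasts with, as an added Python sketch that is not part of the original post. It assumes the cancel lock is a SHA-256 hash of a secret chosen by whoever posts the article (the post does not spell out the construction); all function names, addresses and message IDs are constructed, and NoCeM signing is omitted.

```python
import hashlib
import hmac
import secrets

def make_lock(secret: bytes) -> str:
    # Assumed construction: the article carries only a hash of the poster's secret.
    return hashlib.sha256(secret).hexdigest()

def post(spool: dict, msg_id: str, from_addr: str, secret: bytes) -> None:
    # The server records the claimed From: and the lock; it cannot tell who posted.
    spool[msg_id] = {"from": from_addr, "lock": make_lock(secret)}

def cancel_with_key(spool: dict, msg_id: str, key: bytes) -> bool:
    # A cancel is honoured only if the presented key hashes to the article's lock.
    art = spool.get(msg_id)
    if art is None or not hmac.compare_digest(make_lock(key), art["lock"]):
        return False
    del spool[msg_id]
    return True

class RetractionServer:
    # Authenticates by mail delivery: whoever can read mail sent to the From: address.
    def __init__(self):
        self.pending = {}    # msg_id -> outstanding cookie
        self.hidden = set()  # stands in for issued 'hide' notices

    def request(self, spool: dict, msg_id: str, mailboxes: dict) -> None:
        cookie = secrets.token_hex(16)
        self.pending[msg_id] = cookie
        # The cookie goes to the purported author's mailbox, not to the requester.
        mailboxes.setdefault(spool[msg_id]["from"], []).append((msg_id, cookie))

    def confirm(self, msg_id: str, cookie: str) -> bool:
        expected = self.pending.get(msg_id)
        if expected is None or not hmac.compare_digest(expected, cookie):
            return False
        del self.pending[msg_id]
        self.hidden.add(msg_id)
        return True

def demo():
    spool, mailboxes = {}, {}
    y_secret, x_secret = b"constructed-y-secret", b"constructed-x-secret"
    post(spool, "<real@example>", "y@example.org", y_secret)
    post(spool, "<forged@example>", "y@example.org", x_secret)  # posted by X in Y's name
    own = cancel_with_key(spool, "<real@example>", y_secret)        # Y holds this key
    forged = cancel_with_key(spool, "<forged@example>", y_secret)   # Y lacks X's key
    srv = RetractionServer()
    srv.request(spool, "<forged@example>", mailboxes)
    mid, cookie = mailboxes["y@example.org"][0]
    return own, forged, srv.confirm(mid, "0" * 32), srv.confirm(mid, cookie)
```

The lock binds cancellation to whoever posted the article rather than to the name in From:, which is why the second cancel fails while the mailbox-based check succeeds for the same forged article.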
