1997-09-23 - Re: The great GAK crack (making GAK economically impossible)

Header Data

From: Ray Arachelian <sunder@brainlink.com>
To: Tim May <tcmay@got.net>
Message Hash: b289a964060e84a7118990b429c6b96e406ab8a0dcdccfbcd01eaad62da419d2
Message ID: <Pine.SUN.3.96.970923173113.5905C-100000@beast.brainlink.com>
Reply To: <v03102801b0438070e435@[207.167.93.63]>
UTC Datetime: 1997-09-23 22:01:23 UTC
Raw Date: Wed, 24 Sep 1997 06:01:23 +0800

Raw message

From: Ray Arachelian <sunder@brainlink.com>
Date: Wed, 24 Sep 1997 06:01:23 +0800
To: Tim May <tcmay@got.net>
Subject: Re: The great GAK crack (making GAK economically impossible)
In-Reply-To: <v03102801b0438070e435@[207.167.93.63]>
Message-ID: <Pine.SUN.3.96.970923173113.5905C-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain



On Mon, 15 Sep 1997, Tim May wrote:

> This will stop the "flooding attacks" which a free key escrow system would
> generate. It will also, sadly for us, put an end to many applications where
> keys are generated quickly, transiently, and on an ad hoc basis. There
> simply will be no time to register the keys, and the $10 (or whatever)
> processing fee will be unacceptable for these applications.

That all depends on how they are set up to accept such key requests.  Fer
instance, say they set up a nice litte web site that takes in credit
cards... can we say ping flood boys and girls?

Suppose they set up a mail in system where you have to mail letters to
them.  We simply go through every magazine we find and send subscribtion
requests to that address.  As most mags will happily send a free issue
this will do wonders...  Send them to "Joe Smith, Care Of Key Escrow..."
:)

If they set up a phone line, we call the phone line and keep it busy...
If they set up a system whereby mistakes have to be refiled, then we
simply all march down there and demand that we get our keys registered and
we always make mistakes in something or other, or we forget our ID's.

There may still be ways to spam them and keep them from implementing
anyway...  If not there's always Toto and the suitcase approach I
suppose.... And heck I'm sure someone is willing to donate $1M for such an
endeavor...

Denial of service attacks are always possible somehow or other...  It's a
question of what we're willing to donate to the effort.


=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    |Prying open my 3rd eye.  So good to see |./|\.
..\|/..|sunder@sundernet.com|you once again. I thought you were      |/\|/\
<--*-->| ------------------ |hiding, and you thought that I had run  |\/|\/
../|\..| "A toast to Odin,  |away chasing the tail of dogma. I opened|.\|/.
.+.v.+.|God of screwdrivers"|my eye and there we were....            |.....
======================= http://www.sundernet.com ==========================






Thread