1995-10-11 - “Denial of Clueless Service” Attacks

Header Data

From: tcmay@got.net (Timothy C. May)
To: cypherpunks@toad.com
Message Hash: 60aa8d44633ab24e24a9029036f9f218d974bc16b2ef0bd9ae8d2a5e9d7901a6
Message ID: <aca14dba17021004a0b6@[205.199.118.202]>
Reply To: N/A
UTC Datetime: 1995-10-11 17:37:27 UTC
Raw Date: Wed, 11 Oct 95 10:37:27 PDT

Raw message

From: tcmay@got.net (Timothy C. May)
Date: Wed, 11 Oct 95 10:37:27 PDT
To: cypherpunks@toad.com
Subject: "Denial of Clueless Service" Attacks
Message-ID: <aca14dba17021004a0b6@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:18 PM 10/11/95, Anonymous wrote:
>> Two years ago, I pointed out that getting a single message past
>> the man in the middle isn't good enough; you have to convince your
>> readers that the key they received on one channel is more accurate
>> than the key they're receiving on all the other channels.
>> But if they'll believe that, they may also believe the man in the middle's
>> announcement that the key in your name on all the keyservers is
>> wrong, and the correct key is the one he's putting out.
>> Can't win either way, but it's still important to get the key out.
>>
>> My current key is 0x54696D4D; the fingerprint is
>> 4D 65 44 75 53 61 21 2F   41 73 55 64 85 6D 21 7F.
>
>but this is not Tim May's key, his key is:
>
>pub  1024/54E7483F 1992/11/20 Timothy C. May <tcmay@netcom.com> 11-20-92
>          Key fingerprint =  8C 79 1C 1B 6F 32 A1 D1  65 FB 5F 57 50 6D D3 28
>
>
>And this one is signed by these people:
>
>pub  1024/54E7483F 1992/11/20 Timothy C. May <tcmay@netcom.com> 11-20-92
>sig       0022E52D             Eric Hughes <hughes@soda.berkeley.edu>
>sig       DDBE0DD5             John T. Draper <crunch@netcom.com>
....

Indeed, this is not an effective MITM attack. The spoofer certainly cannot
read messages encrypted to my public key (though he can read messages
encrypted to the public key offered above in his message...not a new
situation). And he cannot sign messages that others can match to the keys I
gave them, or that got put into the web of trust.

So, what is it? Is it a "denial of service" attack? Not really.

It's a "denial of clueless service" attack, in that anyone who tries to use
that key and then send me stuff gets to have their stuff _thrown away_,
which is always helpful in the war against cluelessness. Good riddance.

--Tim May

Views here are not the views of my Internet Service Provider or Government.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."







Thread