From: JonWienke@aol.com
Date: Sun, 14 Apr 1996 00:21:51 +0800
Subject: No Subject
Message-ID: <199604112221.SAA05470@emout06.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


e.

>     However, since the protocol requires that Alice send out location data,
>once
>she starts using it she reveals her physical location to Eve, Mallory, and
>anyone ese
> who can see the packets. Since the nature of the protocol is that Alice's
>location does 
>not  change frequently (and needs to transmitted  via a trusted channel to
>Bob when it
>does), after the first usage Mallory  *knows* the physical location  he is
>trying to 
>simulate, and can use this information for future spoofing.
>
>     The upshot of this is that Denning's scheme not only provides no
>security against 
>spoofing, and leaks potentially sensitive data about locations. 
>
>     If Sadaam Huissain (sp?) had used this scheme during the Gulf War, we'd
>have been 
>able to send a cruise missile directly to his keyboard.

This could be prevented by encrypting the data packets, but that would
introduce more delay into the protocol, and make it easier to spoof distant
locations.

>[These flaws in the protocol seem so obvious that I can't help but wonder if
>we're 
>missing something - Dorothy isn't *that* stupid.]

Isn't she about the age where Alzheimer's starts kicking in?

Jonathan Wienke