duplicate keyid survey results

V Alex Brennen vab@cryptnet.net
Mon Mar 11 00:57:02 2002


On Mon, 11 Mar 2002, Hironobu SUZUKI wrote:

> On Sun, 10 Mar 2002, V. Alex Brennen wrote:
>
> > I don't believe this is true.  While the potential to create 32 bit
> > key id collisions easily exists in v3, it is a hard problem in v4
> 
> Yes. But v3 must be supported.

In functionality, yes.  But in security... well...  IMHO, it's ok to
just throw v3 people to the wolves - they know what they're using 
is not secure, that it is attackable, in many different ways.  The
fixes for the insecurities in v3 are what became part of v4.

People really need to upgrade and stop using anything earlier than
v4.  Trying to secure v3 is like trying to secure Windows 98 as an
internet server.

LDAP has a max results modifier on queries; I encourage people
to code something similar into keyservers to protect against
server-side DoS's rather than return a warning or partial
results.


	- VAB
---
V. Alex Brennen
Senior Systems Engineer
IBM Certified Specialist
e-TechServices.com
IBM Business Partner
Bus: 352.246.8553
Fax: 770.216.1877
vab@e-techservices.com
http://www.e-techservices.com/people/vab/
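
The v3/v4 difference discussed in this thread can be checked directly. The following is an added example, not part of the original message: it derives key IDs by the rules in RFC 4880 section 12.2 and surveys a set of keys for duplicate 32-bit short IDs. The integers, exponent and timestamp are constructed sample values (not real RSA keys), and the function names are hypothetical.

```python
import hashlib
from collections import defaultdict

def mpi(n):
    """OpenPGP MPI encoding: two-octet bit count, then big-endian magnitude."""
    return n.bit_length().to_bytes(2, "big") + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v3_key_id(n):
    """v3: the 64-bit key ID is simply the low 64 bits of the RSA modulus."""
    return f"{n & 0xFFFFFFFFFFFFFFFF:016X}"

def v4_key_id(n, e, created):
    """v4: the key ID is the low 64 bits of the SHA-1 fingerprint, computed
    over 0x99, a two-octet length, and the public-key packet body."""
    body = b"\x04" + created.to_bytes(4, "big") + b"\x01" + mpi(n) + mpi(e)  # 0x01 = RSA
    fingerprint = hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).digest()
    return fingerprint[-8:].hex().upper()

def duplicate_short_ids(keys):
    """Take (label, 64-bit key ID) pairs; return the 32-bit short IDs shared
    by more than one key, mapped to the labels that share them."""
    groups = defaultdict(list)
    for label, key_id in keys:
        groups[key_id[-8:]].append(label)
    return {short: labels for short, labels in groups.items() if len(labels) > 1}

# Constructed sample values: arbitrary integers standing in for two moduli
# that happen to share their low 32 bits. They are not real RSA keys.
N_A = 0xD1F05A7733219C4E9B6600AA12345679
N_B = 0xA9E47C10882B6D35F011223312345679
E = 65537
CREATED = 1015808222  # constructed creation timestamp

def survey():
    """Run the duplicate check on the same key material under v3 and v4 rules."""
    v3 = [("A", v3_key_id(N_A)), ("B", v3_key_id(N_B))]
    v4 = [("A", v4_key_id(N_A, E, CREATED)), ("B", v4_key_id(N_B, E, CREATED))]
    return duplicate_short_ids(v3), duplicate_short_ids(v4)

if __name__ == "__main__":
    v3_dups, v4_dups = survey()
    print("v3 duplicate short IDs:", v3_dups)
    print("v4 duplicate short IDs:", v4_dups)
```

Under v3 rules the two sample keys share a short ID because the ID is read straight from the key material; under v4 rules the ID comes out of a hash, so the same material yields unrelated IDs. A keyring audit should compare full fingerprints rather than short IDs in either case.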