Re: httpy:// Ralph Hartley (hartley@AIC.NRL.Navy.Mil)
Tue, 16 May 2000 14:47:18 -0400

Tyler Close wrote:
>
> > existence. i.e. what I'm saying is you need a defence against mallet
> > finding that perverting URI mapping uri:A -> url:B to map
> > uri:A -> url:C
> > instead, where url:C is a working URL, has a useful effect.
>
> I think I got myself all confused yesterday.

[snip]

> Unless I've missed something, let's go back to the previous iteration
> of SLS, that did not deliver the signed SLS entry. Clients do not
> trust any SLSs. For unauthenticated schemes, the results are merely a
> best effort.

Ok, then there is no need for any signed SLS entries at all. An SLS isn't trusted to check them anyway. To prevent a DOS attack involving masses of bad entries, an SLS MAY check any SLS entry it receives in the same way the client does.

Are there bad things Mallet might want to do that don't require passing a bad entry off as a good one? For instance, if Mallet controls an SLS but not all communications to and from the client, he can do traffic analysis based on what URIs the client requests, or by adding bogus entries pointing to an IP address he controls (which would be caught but only after he logged them).

Mallet can also add new URIs and make them point to arbitrary servers without the server administrators' permission, but I don't know if that is bad.

Ralph Hartley