[E-Lang] Re: Distributed Toontalk (was: VLS for everyone)

Bill Frantz frantz@pwpconsult.com
Mon, 26 Mar 2001 22:43:50 -0800 

At 2:51 PM -0800 3/26/01, Ken Kahn wrote:
>... I am reluctant to do anything that
>would make life more complex for the users (e.g. signatures). Remember that
>most customers are parents and teachers who find very simple things on a
>computer to be challenging (and sometimes scary).

In E, and in the product build on old-E (EC Habitats), the signatures are
transparent to the user (except for the CPU time involved).  Basically each
VAT uses a key pair as an identity, and the low-level code signs the
connection protocol whenever a connection is made.  The other end of the
connection (validation is bidirectional) checks the signature and only
proceeds if the signature is valid.

>If the problem is an
>attack that registered a different IP address than the IP address of the
>registrant, then this could be stopped by sending to the IP address being
>registered a message saying - please confirm this registration by sending me
>back this newly generated GUID. Right?

I'm not quite sure what protocol you have in mind here.  If you are sending
to the old IP address, it could be offline.  If you are sending to the new
IP address, then whether it is legitimate or not, it will just echo the new
GUID.


>A related attack that I worry a bit about is that anyone with a bird, but
>not the nest it flies to, could by breaking the ToonTalk language
>abstraction, obtain the GUID of the nest and register so that they'll
>receive a copy of all message sent to the nest. In other words a valid
>holder of the "send" capability can crack it and turn it into a "receive
>copies" capability as well.

This attack seems straight forward to mount.


>I wonder if people think a reasonable strategy for ToonTalk would analogous
>to HTTP/HTTPS. If and when security becomes an issue I make a ToonTalk
>variant that attempts to be secure (like HTTPS). In the meanwhile, just get
>something that works and is simple out there (analogous to HTTP).

If and when you need this kind of security, the E protocols probably have
some ideas you can use.

Cheers - Bill

BTW - In at least some forms, the GUID generation process uses the hardware
address of the installed Ethernet adapter as part of the GUID.  We were
using GUID generation to get that address in order to make a machine
specific ID.  (Machine specific IDs are a bad idea, but sometimes ...)
Anyway, we discovered that if AOL is installed on the machine, it gives the
machine an Ethernet address.  Unfortunately, every machine with AOL
installed has the same Ethernet address.  (Although different versions of
AOL assign different addresses.)  We got royally burned.


-------------------------------------------------------------------------
Bill Frantz       | Microsoft Outlook, the     | Periwinkle -- Consulting
(408)356-8506     | hacker's path to your      | 16345 Englewood Ave.
frantz@netcom.com | hard disk.                 | Los Gatos, CA 95032, USA