[17346] in cryptography@c2.net mail archive
Re: Digital signatures have a big problem with meaning
daemon@ATHENA.MIT.EDU (John Gilmore)
Fri Jun 3 12:38:51 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: pgut001@cs.auckland.ac.nz (Peter Gutmann)
Cc: dan@geer.org, rsalz@datapower.com, cryptography@metzdowd.com
In-reply-to: <E1De7Wt-0001qZ-00@medusa01.cs.auckland.ac.nz>
Date: Fri, 03 Jun 2005 09:11:16 -0700
From: John Gilmore <gnu@toad.com>
> That cuts both ways though. Since so many systems *do* screw with data (in
> insignificant ways, e.g. stripping trailing blanks), anyone who does massage
> data in such a way that any trivial change will be detected is going to be
> inundated with false positives. Just ask any OpenPGP implementor about
> handling text canonicalisation.
Even mere hash checks are turning up obscure data corruptions. Some
people reported that BitTorrent would never finish certain files,
getting to 99.9% and stalling. The problem is that their NAT box was
replacing its external IP address with its internal address --
anywhere in a packet. This is called "Game mode" in some NAT boxes.
Their router was corrupting random binary data (and altering the TCP,
UDP, and Ethernet packet checksums!). They never noticed until
BitTorrent used end-to-end application-level SHA1 hash checks and
retransmission to detect and correct it.
http://azureus.aelitis.com/wiki/index.php/NinetyNine
John
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
