[Spread-users] Secure Spread problem

Ding Yiqiang ding_yiqiang@yahoo.com
Wed, 16 May 2001 12:00:11 -0400 

This is a multi-part message in MIME format.

------=_NextPart_000_0018_01C0DDFF.C22CD190
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi,

What if a normal user(attacker) Eve tries to join the secure group, =
assume Spread daemons are accessible by Eve, Eve knows the address of =
those Spread daemons, and even the group name those secure members are =
joining?

I made a test using the demo program "user" provided by SSP 1.0.0. One =
group with secure group communication was setup successfully. However, =
when I use another demo program "user" provided by Spread-1.14 to =
connect this secure group, following events happened:
1. Eve got all those member names in the secure group;
2. Each secure member received a FLUSH_REQ message;
3. Even after sending flush ok to the group, all secure members got =
stuck.

Any comments?

BTW, lots of thanks for Jonathan's comments of spread configuration =
problem.

Yiqiang

------=_NextPart_000_0018_01C0DDFF.C22CD190
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.3103.1000" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hi,</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>What if a normal user(attacker) Eve =
tries to join=20
the secure group, assume Spread&nbsp;daemons are accessible by Eve, Eve =
knows=20
the address of those Spread daemons, and even the group name those =
secure=20
members are joining?</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>I made a test using the demo program =
"user"=20
provided&nbsp;by SSP 1.0.0. One group with secure group communication =
was setup=20
successfully. However, when I use another demo program "user" provided =
by=20
Spread-1.14 to connect this secure group, following events=20
happened:</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>1. Eve got all those member names in =
the secure=20
group;</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>2. Each secure member received a =
FLUSH_REQ=20
message;</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>3. Even after sending flush ok to the =
group, all=20
secure members got stuck.</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Any comments?</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>BTW, lots of thanks for Jonathan's =
comments of=20
spread configuration problem.</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Yiqiang</FONT></DIV></BODY></HTML>

------=_NextPart_000_0018_01C0DDFF.C22CD190--


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com