Loading ...
Sorry, an error occurred while loading the content.

4736Re: [decentralization] uServ project

Expand Messages
  • bert@akamail.com
    Dec 3 6:59 AM
      During uServ login, a client provides an authenticating password, after
      which a unique "cookie" is assigned to establish a session. This cookie
      has to be presented to the coordinator with the appropriate instructions

      by a client before the coordinator will activate any proxy to accept
      connections on its behalf. Similarly, the coordinator will only activate

      replicas for which the client has listed as authorized replicas for his
      site. So there is no way for another client to spoof being a proxy or
      replica unless they've sniffed the client's session cookie or stolen the

      client's password.

      Roberto

      Hugh Pyle wrote:

      >
      > Very interesting. One comment -
      >
      > What measures are in place to secure the system against spoofing (eg.
      > of the "replica" or "proxy" function)? Although you discuss security
      > in the paper, a major attack point not discussed would be to trick the
      > controller into believing that your target is offline or firewalled
      > and that you are their proxy.
      >
      > > uServ is a project at IBM which exploits P2P techniques to provide a
      >
      > > reasonable alternative to paid web hosting services for a wide class
      > of
      > > users.
      >
      > -Hugh
      >
      > To unsubscribe from this group, send an email to:
      > decentralization-unsubscribe@egroups.com
      >
      >
      >
      > Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
    • Show all 12 messages in this topic