Re: Protocol spec?

Trent Piepho (xyzzy@u.washington.edu)
Mon, 12 May 1997 14:12:38 -0700 (PDT)


On Mon, 12 May 1997, Thomas Koenig wrote:
> guys would release the source specification, it would be fairly easy for
> the people everywhere else in the world to put together a working
> client. I don't see how accepting messages from a client in Europe
> would violate US laws, either.
>
> Comments?

I see two problems with this.

1. A coordinated effort like deschall or solnet is wide open to attack. Once
someone understands the protocol, it is trivial to write a client that will
request blocks of keys report then as checked. Solnet already had someone do
this in fact. Not releasing the source code is a form of "security through
obscurity," which is really no security at all. It just the most people with
the skill to reverse engineer the protocol aren't going to try to sabotage the
server.

2. Defective clients. If just anyone can write a client, somone is going to
mess up and write a defective client. Currently new clients have to go
through quite a bit of testing before they are accepted.

|Gazing up to the breeze of the heavens \ on a quest, meaning, reason |
|came to be, how it begun \ all alone in the family of the sun |
|curiosity teasing everyone \ on our home, third stone from the sun. |
|Trent Piepho (xyzzy@u.washington.edu) -- Metallica |