On Wed, Feb 05, 2003 at 11:32:55AM -0600, mw-list-postfix-userscsi.hu wrote:
> Here is a simple idea that should be inexpensive to implement (maybe
> existing hardware can be used).
>
> Every computer needs to have a device with the following components
>
> --- a ticker that is guaranteed to tick at least once every nanosecond
> (a cheap quartz oscillator should do this). The stability of the
> ticking (that is the constancy of the time between consecutive
> ticks) is unimportant; only the frequency of the ticks matters.
>
> --- a counter that is capable of counting the ticks of the ticker.
>
> --- a unique 30 (decimal) digit prime number p.

  Thank you for this solution!

  Please send me 8 of these at once. I will advise you when we need
more for additional mail servers. ;-)

  Seriously, you consider a solution that involves retrofitting
hardware to every server in the world (and then adding drivers for
every extant OS) to be a reasonable and inexpensive solution?

  Especially as the problem scenario you are now trying to solve, IIRC,
involves an attacker tampering with network time servers to control
with extraordinary precision the time stamps at least two servers will
use on mailspools which he somehow knows in advance will be restored
from backup onto a third server? This is a scenario far far removed in
likelihood from the original PID reuse problem which prompted the
change to maildir name generation.

  I am no expert on maildir, but it appears to me that you are
proposing to use a hydrogen bomb to kill a mosquito.

   -- Clifton

-- 
     Clifton Royston  --  LavaNet Systems Architect --  cliftonrlava.net
  "If you ride fast enough, the Specialist can't catch you."
  "What's the Specialist?" Samantha says. 
  "The Specialist wears a hat," says the babysitter. "The hat makes noises."
  She doesn't say anything else.  
                      Kelly Link, _The Specialist's Hat_

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]