[Spread-users] Secure Spread problem

Ding Yiqiang ding_yiqiang at yahoo.com
Wed May 16 12:00:11 EDT 2001


What if a normal user(attacker) Eve tries to join the secure group, assume Spread daemons are accessible by Eve, Eve knows the address of those Spread daemons, and even the group name those secure members are joining?

I made a test using the demo program "user" provided by SSP 1.0.0. One group with secure group communication was setup successfully. However, when I use another demo program "user" provided by Spread-1.14 to connect this secure group, following events happened:
1. Eve got all those member names in the secure group;
2. Each secure member received a FLUSH_REQ message;
3. Even after sending flush ok to the group, all secure members got stuck.

Any comments?

BTW, lots of thanks for Jonathan's comments of spread configuration problem.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.spread.org/pipermail/spread-users/attachments/20010516/38416b0c/attachment.html 

More information about the Spread-users mailing list