<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="MSHTML 5.00.3103.1000" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Hi,</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>What if a normal user(attacker) Eve tries to join
the secure group, assume Spread daemons are accessible by Eve, Eve knows
the address of those Spread daemons, and even the group name those secure
members are joining?</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>I made a test using the demo program "user"
provided by SSP 1.0.0. One group with secure group communication was setup
successfully. However, when I use another demo program "user" provided by
Spread-1.14 to connect this secure group, following events
happened:</FONT></DIV>
<DIV><FONT face=Arial size=2>1. Eve got all those member names in the secure
group;</FONT></DIV>
<DIV><FONT face=Arial size=2>2. Each secure member received a FLUSH_REQ
message;</FONT></DIV>
<DIV><FONT face=Arial size=2>3. Even after sending flush ok to the group, all
secure members got stuck.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Any comments?</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>BTW, lots of thanks for Jonathan's comments of
spread configuration problem.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Yiqiang</FONT></DIV></BODY></HTML>