On Tue, 03 Jan 2012 19:52:00 +0000, Julian Yon julian@yon.org.uk said:
jry> Eventually Alice takes a vacation and Mallory is
jry> successful at keeping the service offline for $expiry_time. At
jry> this point the nym can be hijacked as no secret is needed to
jry> claim it.
Two things here.
Firstly, the advertisement of the nym with the introduction hosts would be signed with the hidden service's key; the pair (Hash("somenym"), Srv_PubKey) would be kept cached around the network, allowing it to be reclaimed should the hidden service move around. Similarly, to flesh things out, a nym could be released or transferred with a similarly signed message.
Secondly, on the expiry, that idea was copied as I understood it from the original proposal, designed to mitigate nym squatting, and allowing nyms to be eventually recycled. I'm not necessarily convinced by it and haven't thought about this aspect very closely. A malicious nym squatter could trivially maintain lots of mappings directly anyways. And likewise a clever DOS designed to cause the registration to expire would make nym hijacking possible, and this is true, I think, wherever there is an expiry mechanism.
Cheers,
-w
--
William Waites wwaites@tardis.ed.ac.uk
Visiting Researcher, Laboratory for Foundations of Computer Science
School of Informatics, University of Edinburgh
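The following is an added example, not part of the original message or of any Tor code: a small model of the cached (Hash(nym), Srv_PubKey) binding discussed above, showing that a signed advertisement blocks a claim by another key while the entry is live, and that the same cache rebinds the nym once the entry has expired. The `NymCache` class, the `advertise|` message format, the time units and the toy Lamport signature (a stdlib stand-in for the service key) are all assumptions made for illustration.

```python
import hashlib, os

def H(b): return hashlib.sha256(b).digest()

# Toy Lamport signature (stdlib only), standing in for the service key.
def keygen():
    sk = [[os.urandom(32) for _ in range(256)] for _ in (0, 1)]
    return sk, [[H(x) for x in row] for row in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[b][i] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[b][i] for i, (b, s) in enumerate(zip(bits(msg), sig)))

def advert(nym):
    # Constructed message format; fixed per nym so the one-time key signs only this.
    return b"advertise|" + H(nym.encode())

class NymCache:
    def __init__(self, expiry):
        self.expiry = expiry
        self.entries = {}  # Hash(nym) -> (Srv_PubKey, last_advertised)

    def advertise(self, nym, pk, sig, now):
        if not verify(pk, advert(nym), sig):
            return "bad-signature"
        held = self.entries.get(H(nym.encode()))
        if held and held[0] != pk and now - held[1] < self.expiry:
            return "rejected"          # live binding belongs to another key
        self.entries[H(nym.encode())] = (pk, now)
        return "rebound" if held and held[0] != pk else "ok"

def demo():
    cache, msg = NymCache(expiry=100), advert("somenym")
    (a_sk, a_pk), (m_sk, m_pk) = keygen(), keygen()
    alice, mallory = sign(a_sk, msg), sign(m_sk, msg)
    return [
        cache.advertise("somenym", a_pk, alice, now=0),      # Alice registers
        cache.advertise("somenym", m_pk, mallory, now=50),   # claim while live
        cache.advertise("somenym", a_pk, alice, now=60),     # Alice re-advertises
        cache.advertise("somenym", m_pk, mallory, now=161),  # Alice silent > expiry
        cache.advertise("somenym", a_pk, alice, now=170),    # Alice returns
    ]
```

The last two results are the point of the model: the signature check holds throughout, yet once the entry lapses the holder of the original key is the one rejected.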