[e2e] What if there were no well known numbers?

Tue Aug 8 10:26:48 PDT 2006

David P. Reed wrote:
> Deep philosophical question, Joe.   What does it mean to receive or send?
> 
> Consider a human infant.   When born it is physically in an
> environment.   However in terms of speech it is neither sending nor
> receiving messages.
> 
> Which does it do first?   In fact, it probably starts by sending.  
> Eventually sending (cries, kicks, smiles) provoke responses that seem to
> be correlated with sensed input.

In a two-party system, "receiver open to input" always precedes "sender
issues message".

I.e., both the parent and child are open to input first. THEN either of
them sends.

In both cases, receiving precedes sending.

> 
> Or maybe it starts by receiving.   But it is NOT "open to attack"
> because the messages that arrive are not acted upon in a predictable
> way.  

It can be attacked by overloading the input (e.g., send noise). That
attack prevents it from proceeding.

> Only after 12-18 months does a parent teach the child what
> messages is must act upon in order to get fed, etc.
> 
> The underlying philosophical question is the difference between energy
> impinging on a computer and its willingness to act upon it.
> 
> My computer cannot be attacked unless it is running a program that
> causes it to ACT upon incoming data.   Merely being connected to
> incoming data does not make it vulnerable.

Talk about philosophy. What does it mean to be connected to incoming
data and NOT act on it? That's basically not receiving it.

> Similarly, a sender cannot cause my computer to do anything predictable
> or interesting unless it can predict what impinging energy structures
> will cause predictable actions.

Sure it can. You can send to it, watch what it does (whether it responds
or not) and adjust your input accordingly. This is what both parent and
child already do.

> Thus putting responsibility on a "3rd party" to protect a receiver or
> limit a sender is a long way from the point where communications is
> turned on or enabled.

That '3rd party' isn't 3rd anything. That party is a receiver, who needs
to be told something by the two parties in the communication. Then IT is
open to attack as well.

> The step of installing Windows or Linux on the computer (with device
> drivers) is the first step.   If you install Windows you increase your
> risk hugely.   Though Linux with a crappy device driver is just as
> easily killed - a malformed packet can cause code to be executed in the
> kernel in many cases, since the device driver executes in the kernel
> address space.

The risks are statistical: a crappy OS that is not widely deployed is
probably nearly as secure as a good OS that is widely deployed. The
issue is both that the receiver is open to attack and that the sender
knows it (otherwise, which OS does the sender attack?)

I don't see how that has any bearing on this discussion, though.

Joe

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://mailman.postel.org/pipermail/end2end-interest/attachments/20060808/e9113daf/signature.bin