webID+TLS DOS from Jürgen Jakobitsch on 2012-12-10 (public-webid@w3.org from December 2012)

From: Jürgen Jakobitsch <j.jakobitsch@semantic-web.at>
Date: Mon, 10 Dec 2012 11:44:29 +0100
To: public-webid Group <public-webid@w3.org>
Message-ID: <1355136269.5305.14.camel@linux-1rgw.site>

hi,

i just occurred to me that i could probably knock out every verifier by
simply creating a huge webID-profile and logging in a couple of times.

we talked about that a while ago, but i don't find the link right now.
would it be helpful to have the public key available under an own uri
and go for the key first. the public key would need to link back to the
profile. and only in case the key is valid do a get on the profile.

it's clear that one could also create a huge public key graph, but there
could be size restrictions on that graph.

any thoughts?

wkr turnguard


-- 
| JÃ¼rgen Jakobitsch, 
| Software Developer
| Semantic Web Company GmbH
| Mariahilfer StraÃŸe 70 / Neubaugasse 1, Top 8
| A - 1070 Wien, Austria
| Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22

COMPANY INFORMATION
| web       : http://www.semantic-web.at/
| foaf      : http://company.semantic-web.at/person/juergen_jakobitsch
PERSONAL INFORMATION
| web       : http://www.turnguard.com
| foaf      : http://www.turnguard.com/turnguard
| g+        : https://plus.google.com/111233759991616358206/posts
| skype     : jakobitsch-punkt
| xmlns:tg  = "http://www.turnguard.com/turnguard#"

Received on Monday, 10 December 2012 10:45:01 UTC