[asterisk-dev] Asterisk Beacon Module Proposal

[Tzafrir Cohen]

Quoting the spec:

| Spoofing
| 
| In order to limit spoofing, the server will return a token for all
| accepted requests to a server. Any subsequent requests to that resource
| must present the token in the request. If a subsequent request fails to
| provide the token, the request is rejected. Tokens expire after 48
| hours, at which point, a request does not have to provide a token. If a
| request does provide a token that is expired - and no token is required
| at that point - the request should be accepted and a new token granted.
| Once a request is made without a token (and no token is expected), a new
| token is issued for subsequent requests.
| 
| So long as Asterisk's transmission of data occurs faster than once every
| 48 hours, a malicious entity will not be able to spoof a resource. If a
| system is down then a remote system can 'take over' a system, and the
| legitimate system's attempts will be rejected. If that occurs... oh
| well. It is anonymous data.

I'm not sure I understand the need for the token. The Debian
popularity-contest (popcon, [1]) only identifies systems by a single
random token (MY_HOSTID in /etc/popularity-contest.conf). It supports
sending information by mail as well (thus: completely
non-interactively). I don't see what the extra temporary token buys
here.

Just send a report that includes the (random) server ID. Nobody should
be able to copy those (as they are only sent encrypted over the
internet). And in any event, why would anybody want to spoof that (as
opposed to merely add records to skew the stats, which is possible
either way just as easily). 

What am I missing here?

[1] https://packages.debian.org/sid/popularity-contest

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com