Re: reserving some SAIDs (re: Karn re: dee re: Ran...)



Summary: Ran suggested keeping a block of SAIDs reserved, e.g. to
indicate that this message is encrypted with an RSA key to be got from DNS.
Donald said this is great as it would allow datagrams w/o any setup.
Phil raised a concern that this would allow a clogging attack which would
cause the hosts to give up on verification. I argue below that this
is a valid concern in general, but does not have to prevent such an
optional datagram service; if clogged, the host would _not_ allow
this service. Details follow.

I agree with Phil that (this kind of) denial of service may become common,
partially as a way to make a site remove defenses. In fact this is a
well-known technique which _is_ in use to defeat link-level encryption, and in
fact it is extremely successful and hard to protect against.

However, I also agree with Ran and Donald that such a datagram service
without any setup may be useful. I suggest such a service would be
an option that the host would disable if clogged by too many requests,
either valid or invalid. This cannot, therefore, be our only means of
IP-layer security; in fact, since this is a very computationally
intensive solution, clearly we must support a setup mechanism too.

One question remains: how many SAIDs should be reserved for such
uses? Here I agree with Steve: we should be careful in justifying
any pre-assignments. It appears that for this `datagram' function,
we need only ONE special SAID. Ran, could you explain why you want
to reserve such a large number of SAIDs? We need these bits for their
`basic' use, too...

Best, Amir Herzberg
P.S. I hope my summary above accurately reflects the positions of the
authors. I tried to help the reader... Hope I did not mislead.
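
The policy proposed in the message above (an optional setup-less datagram service that the host disables when clogged by requests, valid or invalid), as an added example that is not part of the original message or of any implementation discussed in the thread. The reserved SAID value, the thresholds, the cooldown and all names are assumptions made for illustration.

```python
from collections import deque

# Hypothetical value: the thread does not assign a number to the reserved SAID.
RESERVED_DATAGRAM_SAID = 0x1


class DatagramServiceGate:
    """Decides whether the host spends a public-key operation on a
    setup-less datagram, and switches the option off when clogged."""

    def __init__(self, max_per_window=100, window=10, cooldown=60):
        self.max_per_window = max_per_window  # assumed request budget per window
        self.window = window                  # window length in seconds
        self.cooldown = cooldown              # seconds the option stays disabled
        self.arrivals = deque()               # arrival times inside the window
        self.disabled_until = 0

    def admit(self, said, now):
        """Return 'normal', 'verify' or 'drop' for a packet seen at time now."""
        if said != RESERVED_DATAGRAM_SAID:
            return "normal"  # any other SAID: not handled by this gate
        if now < self.disabled_until:
            return "drop"    # option disabled; peers must use the setup mechanism
        # Expire old arrivals, then count this one BEFORE any verification,
        # so valid and invalid requests weigh the same.
        while self.arrivals and now - self.arrivals[0] >= self.window:
            self.arrivals.popleft()
        self.arrivals.append(now)
        if len(self.arrivals) > self.max_per_window:
            # Clogged: disable the optional service for a cooldown period.
            self.disabled_until = now + self.cooldown
            self.arrivals.clear()
            return "drop"
        return "verify"      # within budget: do the expensive RSA operation


def simulate(gate, events):
    """Run constructed (time, said) events through the gate."""
    return [gate.admit(said, t) for t, said in events]
```

Because the counter is updated before verification, an attacker cannot keep the service enabled by sending only well-formed requests, and other SAIDs are unaffected while the option is off.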
