
Re: Clogging attacks on SKIP




> > There are two ways, as far as I see. One is to use MD5, and if somebody
> > insists on running the code on 8088 - tough. The other is - to define a
> > choice of hash-functions, so users of the "challenged" CPUs will be
> > able to select the one suitable for them (negotiable parameter).
> >
> That makes interoperability very difficult.  And involves an extra pair
> of messages to exchange the parameter, which was the whole point of the
> earlier message (eliminating the cookie exchange).

I agree. Exchanging another message doesn't make any
sense. The whole idea is to enable a non-interactive
version.
>
> So, there is no improvement.  Let's just stick to the cheap Photuris
> exchange, thanks anyway.

But that requires interaction... In order to allow us to
converge, I like to support the anti-clogging defense
for non-interactive too. The solution is wasteful and
a problem for weak devices, but it is the only one I know.
One can use it only as a `last resort'.

Let's just keep in mind that anti-clogging does not
completely prevent a non-interactive solution. This should
help to agree that anti-clogging and non-interactive options are both required
(and not conflicting).

Best, Amir



