
Re: Photuris Cookies




????  The cookies are to avoid a clogging attack.  Using TCP makes you
much more vulnerable to this.  You have to use stateless datagrams for
the initial setup or the attackers will clog you with state.

Donald

From:  "Housley, Russ" <rhousley@spyrus.com>
Encoding:  369 Text
To:  ipsec@ans.net
Cc:  sils@arc.nasa.gov
>
>Phil:
>
>The more that I look at cookies, I realize that they are only needed
>because Photuris is running over a connectionless service (IP/UDP).  If you
>were to run over a connection-oriented service like TCP, the connection
>establishment would provide the liveness checking that you need.
>
>Why do you think that key management must be run on IP/UDP?
>
>Russ
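
Added example, not part of either message and not the Photuris specification's cookie formula: a responder that keeps no per-peer state until a cookie has made a round trip, which is the property the reply above relies on. The HMAC-SHA256 construction, the 16-byte truncation, the class and method names, and the addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os


class StatelessResponder:
    """Responder that allocates per-peer state only after a cookie round trip."""

    def __init__(self, secret=None):
        # Local secret, never sent on the wire (constructed for this example).
        self._secret = secret or os.urandom(32)
        self.sessions = {}  # entries exist only for peers that echoed a valid cookie

    def _cookie(self, addr, port, initiator_cookie):
        # Recomputable from the datagram plus the secret, so nothing is remembered.
        msg = f"{addr}|{port}|".encode() + initiator_cookie
        return hmac.new(self._secret, msg, hashlib.sha256).digest()[:16]

    def on_request(self, addr, port, initiator_cookie):
        """First datagram: answer with a cookie, store nothing."""
        return self._cookie(addr, port, initiator_cookie)

    def on_exchange(self, addr, port, initiator_cookie, responder_cookie):
        """Second datagram: commit state only if the cookie verifies."""
        expected = self._cookie(addr, port, initiator_cookie)
        if not hmac.compare_digest(expected, responder_cookie):
            return False  # sender never saw our reply: drop, still no state
        self.sessions[(addr, port)] = initiator_cookie
        return True


def demo():
    r = StatelessResponder(secret=b"k" * 32)
    # Constructed traffic: 10,000 requests with forged source addresses.
    for i in range(10000):
        r.on_request(f"10.0.{i // 256}.{i % 256}", 4000, os.urandom(8))
    after_flood = len(r.sessions)
    # A live peer receives its cookie and returns it.
    ic = os.urandom(8)
    rc = r.on_request("192.0.2.7", 4000, ic)
    accepted = r.on_exchange("192.0.2.7", 4000, ic, rc)
    # A guessed cookie presented from another address is rejected.
    forged = r.on_exchange("192.0.2.99", 4000, ic, b"\x00" * 16)
    return after_flood, accepted, forged, len(r.sessions)


if __name__ == "__main__":
    print(demo())
```

The session table stays empty through the flood because the first message costs the responder one hash and no memory; a TCP listener would instead hold a half-open connection entry for each of those requests.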

