
SKIP fails anti-clogging



> Date: 14 Nov 95 11:22:25 -0800
> From: "PALAMBER.US.ORACLE.COM" <PALAMBER@us.oracle.com>
> Subject: WG Last Call for SKIP I-D
>
SKIP fails to provide adequate anti-clogging, at the protocol,
computational and resource levels.

SKIP also lacks graceful recovery mechanisms.

For example, a WWW server which accepts traffic from arbitrary clients
is easily clogged.  As this is a principal application, such a failing
is unacceptable.

Whenever a packet arrives with a master-key for which it does not have
the certificate precalculated, SKIP locates a certificate (requiring a
certificate protocol exchange) and calculates a Modular Exponentiation.

When SKIP scales to hundreds (or millions) of nodes, it will be a simple
matter to completely swamp the target by sending a perfectly valid
SKIP header with each of the world-wide master identifying numbers,
triggering a search for the certificate, validation of the certificate
signature, and calculation of the shared-secret.

This is unacceptably protocol inefficient, as it generates a large
number of extraneous certificate query exchanges.

This is unacceptably computationally expensive, as the signature and
shared-secret (Kijn) are calculated.

The storage cache can easily be overflowed, likely causing loss of
storage for other applications.  In the event of loss of cache, this
requires recalculation of other valid traffic master-keys -- yet another
additional computational expense -- possibly resulting in lost traffic.

This problem is due to the tremendous amount of long-term stored state
required by SKIP, and the lack of LifeTime.

Recovery (as stated in the draft) requires manual intervention by the
system administrator to add each valid user to a "pre-compute cache".
This is unacceptable.

Bill.Simpson@um.cc.umich.edu
          Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2
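
The cache-eviction cost described in the message above, as an added model that is not part of the original post and is not SKIP code: it counts the certificate lookups and modular exponentiations a receiver performs when headers naming unknown master-key identifiers share a bounded cache with valid peers. The LRU eviction policy, the toy Diffie-Hellman parameters and all names are assumptions made for illustration.

```python
from collections import OrderedDict

# Toy Diffie-Hellman parameters, constructed for this model (far too small for real use).
P = 2**127 - 1          # a Mersenne prime
G = 3
OUR_SECRET = 0x1234567  # constructed private exponent

class MasterKeyCache:
    """Bounded cache of per-peer shared secrets; LRU eviction is an assumption."""
    def __init__(self, capacity):
        self.capacity = capacity
        self.keys = OrderedDict()   # peer id -> shared secret
        self.lookups = 0            # certificate query exchanges
        self.modexps = 0            # shared-secret calculations

    def receive(self, peer_id):
        """Process one header; return True if it caused a cache miss."""
        if peer_id in self.keys:
            self.keys.move_to_end(peer_id)
            return False
        self.lookups += 1
        # Stand-in for the public value a fetched certificate would carry.
        peer_public = pow(G, peer_id + 2, P)
        self.keys[peer_id] = pow(peer_public, OUR_SECRET, P)
        self.modexps += 1
        if len(self.keys) > self.capacity:
            self.keys.popitem(last=False)   # evict the least recently used entry
        return True

def simulate(capacity, valid_peers, unknown_per_round, rounds):
    """Interleave valid peers with never-repeating unknown ids; return the costs."""
    cache = MasterKeyCache(capacity)
    valid_misses = 0
    next_unknown = 1_000_000        # constructed id range, disjoint from valid peers
    for _ in range(rounds):
        for peer in range(valid_peers):
            valid_misses += cache.receive(peer)
        for _ in range(unknown_per_round):
            cache.receive(next_unknown)
            next_unknown += 1
    return {"valid_misses": valid_misses,
            "lookups": cache.lookups,
            "modexps": cache.modexps}

if __name__ == "__main__":
    print("valid traffic only :", simulate(100, 50, 0, 10))
    print("with unknown ids   :", simulate(100, 50, 100, 10))
```

With 50 valid peers and a 100-entry cache, valid traffic alone costs one calculation per peer, while 100 unknown identifiers per round force every valid peer's key to be recalculated in every round.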