[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WG Last Call for SKIP I-D




Ashar Aziz writes:
> it would be trivial to add cookie style anti-clogging
> to the existing SKIP ICMP message.

In that case, why not use Photuris?

> This can be used in instances when a node is feeling clogged (and
> not as the default case).

That would add a second round trip to the overhead, would it not?

Personally, I want to see anti-clogging tokens added to more
technology as the default case, not to less. For example, I'd like to
see a next generation TCP operate with Photuris style anti-clogging
cookies.

> It is  worth mentioning that the cookie solution
> is also a partial solution, since the cookie approach
> relies on an attacker's inability to observe reverse
> traffic.

True enough. It isn't perfect by any means. It would, however, stop
the vast majority of such attacks. As it stands now, there are some
enormously dangerous clogging attacks that could be performed which
threaten the integrity of the internet. You view this as an
unimportant situation, but it really is not.

Perry


References: