[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: resistance to swamping attacks.

To: touch@isi.edu, sommerfeld@apollo.hp.com
Subject: Re: resistance to swamping attacks.
From: touch@isi.edu
Date: Fri, 20 Sep 1996 12:12:15 -0700
Cc: kim@morningstar.com, ipsec@TIS.COM
MMDF-Warning: Parse error in original version of preceding line at neptune.TIS.COM
Posted-Date: Fri, 20 Sep 1996 12:12:15 -0700
Sender: ipsec-approval@neptune.tis.com

> From sommerfeld@apollo.hp.com Fri Sep 20 11:57:22 1996
> X-Authentication-Warning: thunk.orchard.medford.ma.us: sommerfeld owned process doing -bs
> To: touch@isi.edu
> Cc: kim@morningstar.com, ipsec@tis.com
> Subject: Re: resistance to swamping attacks. 
> Date: Fri, 20 Sep 1996 14:57:02 -0400
> From: Bill Sommerfeld <sommerfeld@apollo.hp.com>
> 
> > Aren't authentication functions symmetric, almost by definition?
> > 
> > Joe
> 
> well, RSA signatures aren't (expense depends on the length of the
> exponent and the public exponent is usually made short so signature
> verification is fast at the expense of making signing expensive) but
> those are clearly too expensive to use in per-packet transforms.
> 

But then you're authenicating the signature, but not the packet
itself, no?

In that case, I can replay a signed connection-establishment request
with random source addrs.

Joe
----------------------------------------------------------------------
Joe Touch - touch@isi.edu		    http://www.isi.edu/~touch/
ISI / Project Leader, ATOMIC-2, LSAM       http://www.isi.edu/atomic2/
USC / Research Assistant Prof.                http://www.isi.edu/lsam/

Follow-Ups:

Re: resistance to swamping attacks.

From: Bill Sommerfeld <sommerfeld@apollo.hp.com>

Prev by Date: Re: resistance to swamping attacks.
Next by Date: Re: resistance to swamping attacks.
Prev by thread: Re: resistance to swamping attacks.
Next by thread: Re: resistance to swamping attacks.
Index(es):
- Main
- Thread