[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: resistance to swamping attacks.
> From sommerfeld@apollo.hp.com Fri Sep 20 11:57:22 1996
> X-Authentication-Warning: thunk.orchard.medford.ma.us: sommerfeld owned process doing -bs
> To: touch@isi.edu
> Cc: kim@morningstar.com, ipsec@tis.com
> Subject: Re: resistance to swamping attacks.
> Date: Fri, 20 Sep 1996 14:57:02 -0400
> From: Bill Sommerfeld <sommerfeld@apollo.hp.com>
>
> > Aren't authentication functions symmetric, almost by definition?
> >
> > Joe
>
> well, RSA signatures aren't (expense depends on the length of the
> exponent and the public exponent is usually made short so signature
> verification is fast at the expense of making signing expensive) but
> those are clearly too expensive to use in per-packet transforms.
>
But then you're authenicating the signature, but not the packet
itself, no?
In that case, I can replay a signed connection-establishment request
with random source addrs.
Joe
----------------------------------------------------------------------
Joe Touch - touch@isi.edu http://www.isi.edu/~touch/
ISI / Project Leader, ATOMIC-2, LSAM http://www.isi.edu/atomic2/
USC / Research Assistant Prof. http://www.isi.edu/lsam/
Follow-Ups: