[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Revised Pre-Shared and Public Key Sig modes??

To: Matt Thomas <matt@ljo.dec.com>
Subject: Re: Revised Pre-Shared and Public Key Sig modes??
From: Lewis McCarthy <lmccarth@cs.umass.edu>
Date: Mon, 16 Mar 1998 20:43:13 -0500
CC: IP Security List <ipsec@tis.com>
Organization: UMass-Amherst Theoretical Computer Science Group, <http://www.cs.umass.edu/~thtml/>
References: <199803062023.PAA15057@tecumseh.altavista-software.com>
Sender: owner-ipsec@ex.tis.com

Matt Thomas writes:
> The Main Mode exchanges for Pre-Shared keys (HASH_x) or Public Key
> Signatures (SIG_x) are:
[...elided...]
> Is there any reason why 1/2 a round trip could be not eliminated by
> having  Revised versions of these modes such that):
> 
>    HDR, SA                         -->
>                                   <--   HDR, SA, KE, Nr
>    HDR, KE, Ni                     -->
>                                   <--   HDR*, IDir, [HASH_R | SIG_R]
>    HDR*, IDii, [HASH_I | SIG_I]    -->
> 

I think your revised mode would make denial of service attacks easier. 
With the new design, the Responder does a DH computation before 
confirming that the Initiator at least parsed the Responder's cookie. 
An attacker could initiate many exponentiation-inducing exchanges 
without listening to return traffic from the Responder.

-Lewis  <pseudonym@acm.org>

References:

Revised Pre-Shared and Public Key Sig modes??

From: Matt Thomas <matt@ljo.dec.com>

Prev by Date: Re: draft-ietf-ipsec-ciph-cbc-02.txt
Next by Date: Re: Do we need ?
Prev by thread: Revised Pre-Shared and Public Key Sig modes??
Next by thread: Re: Revised Pre-Shared and Public Key Sig modes??
Index(es):
- Main
- Thread