[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Revised Pre-Shared and Public Key Sig modes??
Matt Thomas writes:
> The Main Mode exchanges for Pre-Shared keys (HASH_x) or Public Key
> Signatures (SIG_x) are:
[...elided...]
> Is there any reason why 1/2 a round trip could be not eliminated by
> having Revised versions of these modes such that):
>
> HDR, SA -->
> <-- HDR, SA, KE, Nr
> HDR, KE, Ni -->
> <-- HDR*, IDir, [HASH_R | SIG_R]
> HDR*, IDii, [HASH_I | SIG_I] -->
>
I think your revised mode would make denial of service attacks easier.
With the new design, the Responder does a DH computation before
confirming that the Initiator at least parsed the Responder's cookie.
An attacker could initiate many exponentiation-inducing exchanges
without listening to return traffic from the Responder.
-Lewis <pseudonym@acm.org>
References: