Another DoS attack.



I'm posting this message to both mailing lists as this issue concerns
them both.

An attacker using either aggressive, main or base mode can send a
certificate whose RSA public key consists of a long modulus (16384) and
a non-trivial exponent.
The responder will be left to do the exponentiation till hell freezes
unless of course his implementation limits the length of public key
signatures it is willing to verify.
A similar attack can be mounted using DSA.
This attack can be extended to other online protocols that use
certificates in which the responder is asked to verify a public key
signature.
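The mitigation the post alludes to, a responder that limits the size of the public keys it is willing to verify, can be enforced before any exponentiation takes place. The following is an added example, not code from the original post or from any IKE implementation. It parses a DER PKCS#1 RSAPublicKey (SEQUENCE of two INTEGERs) with a small hand-written DER reader, rejects keys whose modulus or public exponent exceeds a size policy, and gives a rough cost model so the operator can see why a 16384-bit modulus with a full-size exponent is so much more expensive than a routine 2048-bit key. The limits MAX_MODULUS_BITS and MAX_EXPONENT_BITS, the cost model, and the constructed "moduli" (random odd numbers, not real keys) are all assumptions made for illustration; the same idea applies to DSA parameter sizes, which this example does not cover.

```python
"""Size-policy check for RSA public keys, applied before signature verification.

Added example, not part of the original mailing-list post. The DER reader
handles only what an RSAPublicKey needs; the limits below are assumed policy.
"""
import secrets

MAX_MODULUS_BITS = 4096    # assumed policy: largest modulus the responder will verify
MAX_EXPONENT_BITS = 64     # assumed policy: common exponents (3, 65537) are far smaller


class KeyPolicyError(ValueError):
    """Raised when a key would make verification unreasonably expensive or is malformed."""


def _der_len(buf, pos):
    """Decode a DER length field starting at buf[pos]; return (length, next_pos)."""
    first = buf[pos]
    pos += 1
    if first < 0x80:                       # short form
        return first, pos
    nbytes = first & 0x7F                  # long form: number of length octets
    if nbytes == 0 or nbytes > 4:
        raise ValueError("unsupported DER length encoding")
    length = int.from_bytes(buf[pos:pos + nbytes], "big")
    return length, pos + nbytes


def _der_tlv(buf, pos, expected_tag):
    """Read one TLV of the expected tag at buf[pos]; return (value_bytes, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated DER input")
    tag = buf[pos]
    if tag != expected_tag:
        raise ValueError(f"expected tag {expected_tag:#x}, got {tag:#x}")
    length, pos = _der_len(buf, pos + 1)
    end = pos + length
    if end > len(buf):
        raise ValueError("DER element runs past end of buffer")
    return buf[pos:end], end


def parse_rsa_public_key(der):
    """Return (n, e) from a DER RSAPublicKey ::= SEQUENCE { INTEGER n, INTEGER e }."""
    body, end = _der_tlv(der, 0, 0x30)            # SEQUENCE
    if end != len(der):
        raise ValueError("trailing bytes after RSAPublicKey")
    n_bytes, pos = _der_tlv(body, 0, 0x02)         # INTEGER n
    e_bytes, pos = _der_tlv(body, pos, 0x02)       # INTEGER e
    if pos != len(body):
        raise ValueError("unexpected extra fields in RSAPublicKey")
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")


def check_rsa_key_policy(der, max_modulus_bits=MAX_MODULUS_BITS,
                         max_exponent_bits=MAX_EXPONENT_BITS):
    """Raise KeyPolicyError if the key violates the size policy; else return (n_bits, e_bits).

    Only bit lengths are inspected here, so the check itself costs nothing
    comparable to the modular exponentiation it protects."""
    n, e = parse_rsa_public_key(der)
    n_bits, e_bits = n.bit_length(), e.bit_length()
    if n_bits > max_modulus_bits:
        raise KeyPolicyError(f"modulus of {n_bits} bits exceeds limit of {max_modulus_bits}")
    if e_bits > max_exponent_bits:
        raise KeyPolicyError(f"exponent of {e_bits} bits exceeds limit of {max_exponent_bits}")
    if e < 3 or e % 2 == 0:
        raise KeyPolicyError("public exponent must be an odd integer >= 3")
    return n_bits, e_bits


def is_acceptable_rsa_key(der):
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        check_rsa_key_policy(der)
        return True
    except (KeyPolicyError, ValueError):
        return False


def relative_verify_cost(n_bits, e_bits):
    """Rough cost model (assumption): about e_bits modular multiplications, each
    proportional to n_bits**2 word operations, normalised so that a 2048-bit
    modulus with e = 65537 (17 bits) costs 1.0."""
    return (n_bits ** 2 * e_bits) / (2048 ** 2 * 17)


# --- DER encoder used only to build constructed test keys --------------------
def _der_len_enc(length):
    if length < 0x80:
        return bytes([length])
    raw = length.to_bytes((length.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def _der_int(value):
    # bit_length // 8 + 1 octets: adds the leading 0x00 DER requires when the high bit is set
    raw = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len_enc(len(raw)) + raw


def make_rsa_public_key_der(modulus_bits, exponent):
    """Constructed test input: a random odd number of the requested size stands in
    for the modulus (it is not a real RSA key; only its size matters here)."""
    n = secrets.randbits(modulus_bits) | (1 << (modulus_bits - 1)) | 1
    body = _der_int(n) + _der_int(exponent)
    return b"\x30" + _der_len_enc(len(body)) + body


if __name__ == "__main__":
    ok_key = make_rsa_public_key_der(2048, 65537)
    print("2048-bit, e=65537:", check_rsa_key_policy(ok_key))
    big_e = secrets.randbits(16384) | (1 << 16383) | 1
    print("16384-bit, 16384-bit e accepted?", is_acceptable_rsa_key(make_rsa_public_key_der(16384, big_e)))
    print("relative cost of that key:", round(relative_verify_cost(16384, 16384)))
```

The check runs on the parsed integers' bit lengths only, so it is cheap even for a hostile key; the expensive operation (the actual verification) never starts for a key that fails the policy. The cost model is deliberately crude: it is there to show the operator that both the modulus length and the exponent length multiply together, which is why the post's combination of a 16384-bit modulus and a non-trivial exponent is so much worse than either alone.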