[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Another DoS attack.
Marcus Leech wrote:
> Tamir Zegman wrote:
> >
> > I'm posting this message to both mailing lists as this issue concerns
> > them both.
> >
> > An attacker using either aggressive, main or base mode can send a
> > certificate whose RSA public key consists of a long modulus (16384) and
> > a non trivial exponent.
> > The responder will be left to do the exponentiation till hell freezes
> > unless of course his implementation limits the length of public key
> > signatures it is willing to verify.
> > A similar attack can be mounted using DSA.
> > This attack can be extended to other online protocols that use
> > certificates in which the responder is asked to verify a public key
> > signature.
> I have to assume that any CA that would issue a certificate for such a key
> would be broken. Having said that, though, adding in a level of DoS
> paranoia here wouldn't hurt.
>
> I would tend to want to verify the certificate BEFORE I did any computations
> based on the public key contained therein. I haven't checked in detail,
> but does PKIX have anything to say about such pathological keys?
>
Yes, of course,
The best way around the problem is to validate the certificate before checking the
signature, assuming of course that CAs don't issue these kind of certs.
>
> --
> ----------------------------------------------------------------------
> Marcus Leech Mail: Dept 8M70, MS 012, FITZ
> Systems Security Architect Phone: (ESN) 393-9145 +1 613 763 9145
> Security and Internet Solutions Fax: (ESN) 395-1407 +1 613 765 1407
> Nortel Networks mleech@nortelnetworks.com
> -----------------Expressed opinions are my own, not my employer's------
References: