Re: Another DoS attack.
Tamir Zegman wrote:
>
> I'm posting this message to both mailing lists as this issue concerns
> them both.
>
> An attacker using either aggressive, main or base mode can send a
> certificate whose RSA public key consists of a long modulus (16384) and
> a non trivial exponent.
> The responder will be left to do the exponentiation till hell freezes
> unless of course his implementation limits the length of public key
> signatures it is willing to verify.
> A similar attack can be mounted using DSA.
> This attack can be extended to other online protocols that use
> certificates in which the responder is asked to verify a public key
> signature.
I have to assume that any CA that would issue a certificate for such a key
would be broken. Having said that, though, adding in a level of DoS
paranoia here wouldn't hurt.
I would tend to want to verify the certificate BEFORE I did any computations
based on the public key contained therein. I haven't checked in detail,
but does PKIX have anything to say about such pathological keys?
--
----------------------------------------------------------------------
Marcus Leech Mail: Dept 8M70, MS 012, FITZ
Systems Security Architect Phone: (ESN) 393-9145 +1 613 763 9145
Security and Internet Solutions Fax: (ESN) 395-1407 +1 613 765 1407
Nortel Networks mleech@nortelnetworks.com
-----------------Expressed opinions are my own, not my employer's------
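An added example, not code from the thread or either poster: a pre-check that a responder could run on a peer's RSA public key before doing any signature verification, together with a rough square-and-multiply cost estimate showing why a 16384-bit modulus with a dense exponent is so much more expensive than an ordinary key. The policy limits and the sample key values are assumptions constructed for this example.

```python
# Added example (not from the original thread). A responder-side sanity check on an
# RSA public key taken from a peer's certificate, run BEFORE any exponentiation.
# Limits below are assumed policy values, not something the thread specifies.

MAX_MODULUS_BITS = 4096    # assumed limit; the pathological key in the thread is 16384 bits
MAX_EXPONENT_BITS = 64     # assumed limit; common public exponents are 3 or 65537


def modexp_cost(modulus: int, exponent: int) -> int:
    """Rough cost of s**e mod n by square-and-multiply, in single-word multiplications.
    Squarings: bit_length(e) - 1.  Extra multiplies: popcount(e) - 1.
    Each modular multiply on a w-word modulus costs about w*w word multiplies
    (schoolbook; real libraries are faster, but growth with key size is the same)."""
    words = (modulus.bit_length() + 63) // 64
    modmults = (exponent.bit_length() - 1) + (bin(exponent).count("1") - 1)
    return modmults * words * words


def check_rsa_public_key(modulus: int, exponent: int):
    """Return (accepted, reason). Reject pathological keys cheaply so a malicious
    certificate cannot make the responder burn CPU on signature verification."""
    if modulus <= 0 or exponent <= 1:
        return False, "malformed key"
    if modulus % 2 == 0:
        return False, "even modulus"
    if modulus.bit_length() > MAX_MODULUS_BITS:
        return False, "modulus of %d bits exceeds %d" % (modulus.bit_length(), MAX_MODULUS_BITS)
    if exponent.bit_length() > MAX_EXPONENT_BITS:
        return False, "exponent of %d bits exceeds %d" % (exponent.bit_length(), MAX_EXPONENT_BITS)
    return True, "ok"


# Constructed sample values: they only model key SIZES, they are not real keys.
ORDINARY_N = (1 << 2047) | 1        # 2048-bit odd modulus
ORDINARY_E = 65537
PATHOLOGICAL_N = (1 << 16383) | 1   # 16384-bit modulus, as described in the thread
PATHOLOGICAL_E = (1 << 16383) - 1   # "non-trivial" exponent with every bit set


def cost_ratio() -> int:
    """How many times more work the pathological key costs than the ordinary one."""
    return modexp_cost(PATHOLOGICAL_N, PATHOLOGICAL_E) // modexp_cost(ORDINARY_N, ORDINARY_E)


if __name__ == "__main__":
    for n, e in ((ORDINARY_N, ORDINARY_E), (PATHOLOGICAL_N, PATHOLOGICAL_E)):
        print(check_rsa_public_key(n, e), "estimated cost:", modexp_cost(n, e))
    print("pathological / ordinary cost ratio:", cost_ratio())
```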