Re: Another DoS attack.

["Marcus Leech" <mleech@nortelnetworks.com>]

Tamir Zegman wrote:
> 
> I'm posting this message to both mailing lists as this issue concerns
> them both.
> 
> An attacker using either aggressive, main or base mode can send a
> certificate whose RSA public key consists of a long modulus (16384) and
> a non trivial exponent.
> The responder will be left to do the exponentiation till hell freezes
> unless of course his implementation limits the length of public key
> signatures it is willing to verify.
> A similar attack can be mounted using DSA.
> This attack can be extended to other online protocols that use
> certificates in which the responder is asked to verify a public key
> signature.
I have to assume that any CA that would issue a certificate for such a key
  would be broken.  Having said that, though, adding in a level of DoS
  paranoia here wouldn't hurt.

I would tend to want to verify the certificate BEFORE I did any computations
  based on the public key contained therein.  I haven't checked in detail,
  but does PKIX have anything to say about such pathological keys?

-- 
----------------------------------------------------------------------
Marcus Leech                             Mail:   Dept 8M70, MS 012, FITZ
Systems Security Architect               Phone: (ESN) 393-9145  +1 613 763 9145
Security and Internet Solutions          Fax:   (ESN) 395-1407  +1 613 765 1407
Nortel Networks                          mleech@nortelnetworks.com
-----------------Expressed opinions are my own, not my employer's------

---

Follow-Ups:

• Re: Another DoS attack.
• From: Tamir Zegman <zegman@checkpoint.com>

References:

• Another DoS attack.
• From: Tamir Zegman <zegman@checkpoint.com>

---

• Prev by Date: I-D ACTION:draft-ietf-ipsec-notifymsg-02.txt
• Next by Date: Re: Another DoS attack.
• Prev by thread: Another DoS attack.
• Next by thread: Re: Another DoS attack.
• Index(es):
  • Main
  • Thread