[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Some comments on JFK

To: EKR <ekr@rtfm.com>
Subject: Re: Some comments on JFK
From: "Angelos D. Keromytis" <angelos@cs.columbia.edu>
Date: Mon, 03 Dec 2001 14:15:48 -0500
Cc: "Hallam-Baker, Phillip" <pbaker@verisign.com>, ipsec@lists.tislabs.com
In-reply-to: Your message of "03 Dec 2001 11:10:10 PST." <kjvgfoce7h.fsf@romeo.rtfm.com>
Sender: owner-ipsec@lists.tislabs.com


In message <kjvgfoce7h.fsf@romeo.rtfm.com>, Eric Rescorla writes:
 >The draft says:
 >
 >   The Initiator bears the initial computational burden
 >   and must establish round-trip communication with the Responder
 >   before the latter is required to perform expensive operations.
 >
 >This text suggests that the fact that the initiator performs
 >the DH operation first protects against DoS. As far as I can
 >tell it does not.

Ambiguous language --- valid Initiators do perform computation before the
Responder, and that was the observation. This is not a mechanism for protecting
against DoS attacks.

The IPsec mailing list seems to be randomly dropping my messages (or delaying
them forever ?)
-Angelos

Follow-Ups:

Re: Some comments on JFK

From: Eric Rescorla <ekr@rtfm.com>

References:

Re: Some comments on JFK

From: Eric Rescorla <ekr@rtfm.com>

Prev by Date: Re: Some comments on JFK
Next by Date: RE: On shared keys (was RE: SOI: identity protection and DOS)
Prev by thread: Re: Some comments on JFK
Next by thread: Re: Some comments on JFK
Index(es):
- Main
- Thread