[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: compare-jfk-sigma.txt
On 5 Dec 2001, Derek Atkins wrote:
> Hugo Krawczyk <hugo@ee.technion.ac.il> writes:
>
> > Note that the poor initiator cannot amortize the costs of this
> > signature verification!
>
> This is actually a feature for DoS protection -- you want the
> initiator to do as much if not more work than the responder.
>
> -derek
>
Derek,
That's a beautiful idea!
Let's add 17 such signature verifications to the initiator
so to increase DoS protection.
There is just a little catch here: the only initiators that need
to do this verification are the legitimate ones. The DoS attacker
does not need to verify anything!
So it's a bug, dear, not a feature...
Hugo
References: