[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: compare-jfk-sigma.txt

To: Derek Atkins <warlord@mit.edu>
Subject: Re: compare-jfk-sigma.txt
From: Eric Rescorla <ekr@rtfm.com>
Date: 05 Dec 2001 11:05:26 -0800
Cc: Hugo Krawczyk <hugo@ee.technion.ac.il>, Ran Canetti <canetti@watson.ibm.com>, ipsec@lists.tislabs.com
In-Reply-To: Derek Atkins's message of "05 Dec 2001 11:37:48 -0500"
References: <Pine.GSO.4.21.0112041628030.9684-100000@ee.technion.ac.il> <sjm3d2pipwj.fsf@benjamin.ihtfp.org>
Reply-to: EKR <ekr@rtfm.com>
Sender: owner-ipsec@lists.tislabs.com

Derek Atkins <warlord@mit.edu> writes:

> Hugo Krawczyk <hugo@ee.technion.ac.il> writes:
> 
> > Note that the poor initiator cannot amortize the costs of this 
> > signature verification!
> 
> This is actually a feature for DoS protection -- you want the
> initiator to do as much if not more work than the responder.
I don't see that this really works. Attackers can pretty
much ignore the server's signature. Legitimate servers don't
usually generate bogus signatures on their DH shares :)

-Ekr
  
-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/

References:

Re: compare-jfk-sigma.txt

From: Hugo Krawczyk <hugo@ee.technion.ac.il>

Re: compare-jfk-sigma.txt

From: Derek Atkins <warlord@mit.edu>

Prev by Date: Re: compare-jfk-sigma.txt
Next by Date: Please save the pre-shared key mode
Prev by thread: Re: compare-jfk-sigma.txt
Next by thread: Re: compare-jfk-sigma.txt
Index(es):
- Main
- Thread