[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: SOI QUESTION: 3.1 DoS protection

To: "Theodore Ts'o" <tytso@mit.edu>, <ipsec@lists.tislabs.com>
Subject: RE: SOI QUESTION: 3.1 DoS protection
From: "Stephane Beaulieu" <stephane@cisco.com>
Date: Mon, 24 Jun 2002 10:38:38 -0400
Importance: Normal
In-Reply-To: <E17LVN2-0000L2-00@think.thunk.org>
Sender: owner-ipsec@lists.tislabs.com



>
>
> Notes from the chair:
>
> This next set of questions address the issues listed in section 3 of the
> soi-features I-D, "Protocol Mechanics".
>
>
> Please discuss and answer:
>
> 3.1 DoS protection
>
> 3.1.A) WRT DOS attacks that exhaust memory or CPU resources, is it more
> important to always keep the message count at 4, or is it
> acceptable to add
> an additional roundtrip of messages when the responder thinks he's under
> attack?

Avoid DoS attacks, whatever the cost.

In my mind, the question should be, SOI *will* provide DoS protection.  Do
we want the option of reducing the exchange from 6 messages to 4 when boxes
don't feel they are threatened by DoS attacks (add complexity to achieve
speed (via less round trips) in most cases)

References:
- SOI QUESTION: 3.1 DoS protection
  - From: "Theodore Ts'o" <tytso@mit.edu>

Prev by Date: RE: SOI QUESTIONS: 2.6 Formal proofs of security
Next by Date: Re: SOI QUESTIONS: 2.3 Authentication styles
Prev by thread: RE: SOI QUESTION: 3.1 DoS protection
Next by thread: Re: SOI QUESTION: 3.1 DoS protection
Index(es):
- Date
- Thread