Re: Regarding pre-round trip for stateless cookie (Jan's issue)
>> From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

>>I would rather have shorter setup times, but I would rather
>>it was resistant to DDoS.

I don't think the stateless cookie is very useful for DDoS. It's
only useful for the kind of DOS in which the attacker system is
using fake IP addresses. In a DDoS situation, the innocent zombies
will be using their own addresses.

As for shorter setup times...ironically, the 4/6 protocol might have
lower latency!

a) if you don't care about Bob being stateless until receipt of the
   stateless cookie, then the 4/6 protocol
   would be lower latency, because it will be 4 messages,
   and the messages will have fewer bits to transmit (message
   3 doesn't have to repeat all of message 1 and part of message 2)

b) if you do care about Bob being stateless, then the 4/6 protocol
   would have 6 messages, but unintuitively might still be
   lower total latency because of two issues:
   . fewer total bits to transmit (small issue)
   . Alice and Bob can't be doing their exponentiation in parallel.
     If Bob is stateless, he can't do any computation until receipt
     of message 3 from Alice. The time to do the exponentiations
     of g^b and g^ab might be longer than the transmission time
     of the first 2 messages.

Again, I'm not claiming this is a very important issue either way,
and I got the impression from Charlie's message that he's not thrilled
about being pushed back and forth on an issue that doesn't matter
very much. But it *is* interesting that latency can be less with
a 6 message protocol than a 4 message protocol. (at least *I* think
it's interesting. :-) )

Radia
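
An added sketch, not part of the original message or of any protocol draft discussed in this thread, of why a stateless cookie screens out only senders that do not own the address they claim. The cookie construction (HMAC-SHA256 over address and nonce), the class and function names, and the addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os


class StatelessResponder:
    """Bob: keeps no per-initiator state until a valid cookie comes back."""

    def __init__(self):
        self.secret = os.urandom(32)  # local secret; assumed to be rotated periodically
        self.expensive_ops = 0        # counts exponentiation-class work Bob commits to

    def make_cookie(self, src_ip, nonce):
        # The cookie binds the claimed source address to the initiator's nonce.
        msg = src_ip.encode() + b"|" + nonce
        return hmac.new(self.secret, msg, hashlib.sha256).digest()

    def on_first_message(self, src_ip, nonce):
        # Nothing is stored; the reply is sent to src_ip.
        return self.make_cookie(src_ip, nonce)

    def on_cookie_return(self, src_ip, nonce, cookie):
        # Recompute instead of looking up state; constant-time comparison.
        if not hmac.compare_digest(self.make_cookie(src_ip, nonce), cookie):
            return False
        self.expensive_ops += 1  # only now would Bob compute g^b and g^ab
        return True


def run_round(bob, real_ip, claimed_ip):
    """One initiator attempt; returns True if Bob ends up doing expensive work."""
    nonce = os.urandom(16)
    cookie = bob.on_first_message(claimed_ip, nonce)
    # Bob's reply is routed to claimed_ip, so the sender sees the cookie only
    # when it really sits at that address; otherwise it has nothing valid to return.
    seen = cookie if real_ip == claimed_ip else os.urandom(32)
    return bob.on_cookie_return(claimed_ip, nonce, seen)


if __name__ == "__main__":
    bob = StatelessResponder()
    # Constructed sample addresses from the documentation ranges.
    print("own address:    ", run_round(bob, "192.0.2.10", "192.0.2.10"))
    print("claimed address:", run_round(bob, "192.0.2.10", "198.51.100.7"))
    print("expensive ops:  ", bob.expensive_ops)
```

A sender using its own address passes the check and still costs Bob the exponentiations, which is the DDoS case described above; the cookie only moves that cost behind one extra round trip.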