|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: key change for TCP-MD5
On Tue, 20 Jun 2006 17:06:27 -0400, Ross Callon <[email protected]> wrote: > > At 12:12 PM 6/20/2006 -0700, Bora Akyol wrote: > > >The draft allows you to have a set of keys in your keychain and > >the implementation tries all of them before declaring the segment > >as invalid. > > DoS against routers is of course a major concern. Using > encryption has the potential of making DoS worse, in the > sense that the amount of processing that a bogus packet > can cause is increased by the amount of processing > needed to check the authentication. If the router needs to > check multiple keys in the keychain before declaring the > segment as invalid, then this multiplies the effect of the > DOS by the number of keys that need to be checked. > You're quite right, and the next version of the draft contains the following additional text in the Security Considerations: Having multiple keys makes CPU denial of service attacks easier. This suggests that keeping the overlap period reasonably short is a good idea. In addition, the Generalized TTL Security Mechanism <xref target="RFC3682" />, if applicable to the local topology, can help. Note that there would almost never be more than two keys in existence at any one time in any event. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
|