Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: key change for TCP-MD5

  • From: Steven M. Bellovin
  • Date: Mon Jun 26 20:44:53 2006

On Tue, 20 Jun 2006 17:06:27 -0400, Ross Callon <rcallon@juniper.net>
wrote:

> 
> At 12:12 PM 6/20/2006 -0700, Bora Akyol wrote:
> 
> >The draft allows you to have a set of keys in your keychain and
> >the implementation tries all of them before declaring the segment
> >as invalid.
> 
> DoS against routers is of course a major concern. Using
> encryption has the potential of making DoS worse, in the
> sense that the amount of processing that a bogus packet
> can cause is increased by the amount of processing
> needed to check the authentication. If the router needs to
> check multiple keys in the keychain before declaring the
> segment as invalid, then this multiplies the effect of the
> DOS by the number of keys that need to be checked.
> 
You're quite right, and the next version of the draft contains the
following additional text in the Security Considerations:

     Having multiple keys makes CPU denial of service  
     attacks easier.  This suggests that keeping the 
     overlap period reasonably
     short is a good idea.  In 
     addition, the Generalized TTL Security Mechanism
     <xref target="RFC3682" />, if applicable to
     the local topology, can help.
     Note that there would almost never be more than
     two keys in existence at any one time in any event.


		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.