
RE: Preliminary minutes

Yaron Sheffer wrote:

> By requirement, PIC (or getcert) allows anonymous users to initiate a secure
> connection. Any protocol allowing this is open to DoS attacks.

This analysis is not entirely true. Aggressive-mode-based protocols require
the initiator to prove nothing before the server starts heavy computations.

On the other hand, main-mode-based protocols (or base mode or TCP) require the
initiator to prove that he is able to receive packets.

This is not a lot in cryptographic terms, but it does mean that he cannot
choose an entirely bogus source address. This makes it easier to trace such
attacks and even block them.
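
The distinction drawn in the message above, as an added Python example that is not part of the original message or of any IKE implementation: a responder that performs its costly work only after the initiator echoes a cookie delivered to its claimed source address. The `Responder` class, its method names and the HMAC-SHA256 cookie construction are assumptions chosen for illustration; the addresses are constructed documentation-range values.

```python
import hashlib
import hmac
import os


class Responder:
    """Hypothetical responder that defers costly work until a cookie is echoed."""

    def __init__(self):
        self.secret = os.urandom(32)   # local secret, never sent on the wire
        self.expensive_ops = 0         # counts simulated key-exchange work

    def _cookie(self, src_ip, src_port, nonce):
        # Stateless: recomputed from the packet fields, nothing is stored per peer.
        msg = f"{src_ip}|{src_port}|".encode() + nonce
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:16]

    def first_message(self, src_ip, src_port, nonce):
        # Cheap reply, delivered to the *claimed* source address.
        return self._cookie(src_ip, src_port, nonce)

    def second_message(self, src_ip, src_port, nonce, cookie):
        expected = self._cookie(src_ip, src_port, nonce)
        if not hmac.compare_digest(expected, cookie):
            return False               # dropped before any heavy computation
        self.expensive_ops += 1        # stand-in for the real key exchange
        return True


def demo():
    r = Responder()
    nonce = os.urandom(8)

    # Initiator that can receive packets at its source address.
    cookie = r.first_message("192.0.2.10", 500, nonce)
    ok_real = r.second_message("192.0.2.10", 500, nonce, cookie)

    # Sender claiming an address it cannot receive on: the cookie went
    # elsewhere, so it has no valid value to echo.
    r.first_message("198.51.100.7", 500, nonce)
    ok_bogus = r.second_message("198.51.100.7", 500, nonce, bytes(16))

    # A valid cookie is bound to the address it was issued for.
    ok_moved = r.second_message("203.0.113.5", 500, nonce, cookie)

    return ok_real, ok_bogus, ok_moved, r.expensive_ops
```

Only the reachable initiator triggers the expensive step; an aggressive-mode-style exchange corresponds to incrementing `expensive_ops` on the first packet with no such check.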