Re: [ietf-dkim] RFC4871bis - whether to drop -- k: Key type

There are much easier ways to do a dos attack.


/d

--
  Dave Crocker
   bbiw.net

------- Original Message -------
From: Eliot Lear <lear(_at_)cisco(_dot_)com>
To: Murray Kucherawy <msk(_at_)cloudmark(_dot_)com>
Sent: 02-Jun-09, 10:59:30 AM
Subject: Re: [ietf-dkim] RFC4871bis - whether to drop  --  k: Key type

On 6/2/09 7:41 PM, Murray Kucherawy wrote:

So if a=rsa-sha256, then the key I get from issuing a query based on

s= and d= will be an RSA key, or it will fail to verify.  What k= offers is 
somewhat redundant except for the fact that I can avoid the crypto overhead 
if I can detect early on that it won't work anyway.

   


That's an important point, in the case of a DOS attack.  The next 
question is whether anybody implements it as such?

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: [ietf-dkim] RFC4871bis - whether to drop -- x: Signature expiration, Murray Kucherawy

Next by Date:

Re: [ietf-dkim] RFC4871bis - whether to drop -- k: Key type, Michael Thomas

Previous by Thread:

[ietf-dkim] 4871bis/4871 interop, Stephen Farrell

Next by Thread:

Re: [ietf-dkim] RFC4871bis - whether to drop -- k: Key type, Douglas Otis

Indexes:

[Date] [Thread] [Top] [All Lists]