ietf-mailsig
[Top] [All Lists]

Re: In response to Housley-mass-sec-review

2005-03-03 15:26:53

On Thu, 2005-03-03 at 13:49 -0500, Andrew Newton wrote:

On Feb 25, 2005, at 3:29 PM, Douglas Otis wrote:

As this was completed beyond the IETF draft cutoff date, these links
reference the draft.

When I went to read these, the links appeared to be broken.  Doug has 
provided me copies which I've posted in case anybody else is having 
problems:

http://ecotroph.net/~anewton/draft-otis-mass-reputation-00.txt
http://ecotroph.net/~anewton/draft-otis-mass-reputation-00.html


Section 6 seems particularly interesting. However, its title says 
"Preventing the replay attack."  I do not believe this is accurate as 
the approach is really about limiting the damage of a replay attack 
once detected.  That being said, this seems like a simple idea with low 
overhead.

Thank you for posting these drafts.  I considered that by being able to
significantly limit durations of a replay attack, this would act as a
preventative or deterrent.  But you are right, it is not absolute and
"preventing" overstates what this does.  I should have said "abating"
the replay attack. : )

-Doug


<Prev in Thread] Current Thread [Next in Thread>