On Fri, May 16, 2014 at 7:34 AM, Nicholas Weaver
<nwea...@icsi.berkeley.edu> wrote:

>
> On May 16, 2014, at 7:29 AM, Colm MacCárthaigh <c...@allcosts.net> wrote:
> >> And even 4096b RSA signatures only take a handful of milliseconds to
> >> construct on the fly, you can cache signature validity for minutes even in
> >> the very dynamic case, and this is one of those operations that parallelize
> >> obscenely well.
> >>
> > You won't survive a trivial DOS from a wristwatch computer with that
> > approach :) Having static answers around greatly increases capacity, by
> > many orders of magnitude.
>
> Actually, you can.  You prioritize non-NSEC3 records, since that's a
> finite, identifiable, priority set, and cache the responses.  Thus if you
> have 10k valid names, each with 100 different possible responses, and have
> a max 1 minute TTL on signatures, that's only 16k signatures/s in the
> absolute worst case, which you can do on a single, 16 core computer.
>

16k/second is nothing, and I can generate that from a wristwatch computer.
Caching doesn't help, as the attackers can (and do) bust caches with
nonce-names and so on :/  A 16 core machine can do a million QPS relatively
easily - so it's a big degradation.

-- 
Colm
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
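The two capacity claims above can be put side by side with a toy model. This is an added example, not code from the thread or from any DNS server: a signer that counts signing operations instead of running RSA, a constructed 10k-name zone, the thread's 16k signatures/s budget and 1 minute TTL, and the assumption that only answers for existing names are reusable while every nonce name needs its own freshly signed denial of existence (NSEC-span caching is ignored).

```python
import random

ZONE = {f"host{i}.example." for i in range(10_000)}   # constructed 10k-name zone
BUDGET = 16_000   # signatures/s a single box can produce (the thread's figure)
TTL = 60          # seconds a cached signature stays valid (the thread's max TTL)

class Signer:
    """Toy online signer: counts signing operations instead of running RSA."""
    def __init__(self, zone, budget=BUDGET, ttl=TTL, prioritize=True):
        self.zone, self.budget, self.ttl = set(zone), budget, ttl
        self.prioritize = prioritize
        self.cache = {}   # name -> expiry time of its cached signature

    def serve(self, now, queries):
        """Serve one second's worth of queries; return per-class counters."""
        counts = {"pos_ok": 0, "pos_dropped": 0, "neg_ok": 0, "neg_dropped": 0}
        if self.prioritize:
            # Existing names are a finite set: sign them first (stable sort);
            # denial of existence for nonce names only gets the leftover budget.
            queries = sorted(queries, key=lambda q: q not in self.zone)
        remaining = self.budget
        for q in queries:
            exists = q in self.zone
            # Assumption: only answers for real names are reusable; every
            # nonce name needs its own freshly signed denial of existence.
            if exists and self.cache.get(q, -1) > now:
                counts["pos_ok"] += 1
            elif remaining > 0:
                remaining -= 1
                if exists:
                    self.cache[q] = now + self.ttl
                counts["pos_ok" if exists else "neg_ok"] += 1
            else:
                counts["pos_dropped" if exists else "neg_dropped"] += 1
        return counts

def simulate(prioritize, seconds=3, legit_qps=30_000, flood_qps=100_000, seed=1):
    """Run a few seconds of legitimate + nonce-name load; return summed counters."""
    rng = random.Random(seed)
    names, signer = sorted(ZONE), Signer(ZONE, prioritize=prioritize)
    totals = {"pos_ok": 0, "pos_dropped": 0, "neg_ok": 0, "neg_dropped": 0}
    for t in range(seconds):
        legit = [rng.choice(names) for _ in range(legit_qps)]   # constructed legitimate load
        flood = [f"{rng.getrandbits(64):016x}.example." for _ in range(flood_qps)]  # constructed nonce names
        batch = legit + flood
        rng.shuffle(batch)
        for k, v in signer.serve(t, batch).items():
            totals[k] += v
    return totals
```

Compare `simulate(False)` (first come, first signed) with `simulate(True)`: with priority, every query for a real name is answered and the nonce-name flood only eats the spare budget; without it, real names are dropped as soon as the budget is gone, while the total signing rate stays capped at 16k/s in both cases.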