Hi Yoav As I understand this, changing the concept from 'difficulty level' to 'puzzle/generation id' doesn't allow for a responder to hand out some puzzles weaker than others at the same time? (Unless it's tracked locally as you said), but then the Responder would need to remember all previous Puzzles up to the last point where a certain GenerationID was used if it's to issue Puzzles of different difficulty at the same time. (Otherwise I see an attack where someone can potentially just make all new connections have the most difficult puzzles, there might be a need for some random un-fairness with 1 in X having hard puzzles?).
Also if the 'difficulty level' is no longer used, how does the client know
what difficulty this is ? Generation 9 could be 23-bit one day and 0 the
next.
If both are included this allows for the Responder to change secret and
also allow for multiple difficulty types.
Cookie = <VersionIDofSecret> | <Timestamp> | <GenerationID> |
<PuzzleDifficulty> | <PRF> |
Hash(Ni | IPi | SPIi | <Timestamp> | <GenerationID> |
<PuzzleDifficulty> | <PRF> |
<secret>)
thanks
On 03/12/2014 23:46, "Yoav Nir" <ynir.i...@gmail.com> wrote:
>Why? The responder can remember that generation 8 had a 20-bit
>difficulty level. If the attack then gets worse, than generation 9 is
>created with a 23-bit difficulty level.
>
>The responder needs only remember the generation and associated
>difficulty level.
>
>> On Dec 4, 2014, at 1:07 AM, Graham Bartlett (grbartle)
>><grbar...@cisco.com> wrote:
>>
>>
>> If the 1 byte 'difficulty level' has become the 'puzzle id', could we
>> break the 1 byte into two 4 bits?
>>
>> 1st 4 bits is 'puzzle/generation id', next 4bits is 'difficulty level',
>> this allows for 16 cycles for when every secret changes and still allows
>> 16 levels of puzzles..
>>
>> (just a thought as if the difficulty level disappears you loose the
>> ability to set a the hardness of the puzzle)
>>
>>
>> On 03/12/2014 16:01, "Yoav Nir" <ynir.i...@gmail.com> wrote:
>>
>>>
>>>> On Dec 3, 2014, at 5:44 PM, Valery Smyslov <sva...@gmail.com> wrote:
>>>>
>>>> Hi Scott,
>>>>
>>>> this is almost identical to what I proposed in my original e-mail,
>>>> if you substitute "difficulty level" with "puzzle id².
>>>
>>> Or call it ³generation id², and increment it whenever you generate a
>>>new
>>> secret and/or change the difficulty level.
>
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
