Re: [IPsec] Textual changes to the DDoS draft

Mon, 29 Feb 2016 22:08:22 -0800 

Hi Yaron,

I also think that it's more safe to verify all 4 results (that's why it's 
SHOULD). 
If nobody objects we can make it MUST for the sake of security and simplicity.

Regards,
Valery.

  ----- Original Message ----- 
  From: Yaron Sheffer 
  To: Valery Smyslov ; Yoav Nir ; Waltermire, David A. 
  Cc: ipsec@ietf.org 
  Sent: Friday, February 26, 2016 7:32 PM
  Subject: Re: [IPsec] Textual changes to the DDoS draft


  After reading the pull request, I suggest that we require the responder to 
verify all 4 puzzles. Although I don't have a proof why this is better (e.g. a 
game theoretic cost/benefit analysis), it would remove an unnecessary design 
decision from implementations at a trivial cost in performance.

  Thanks,
      Yaron


  On 02/25/2016 09:50 PM, Valery Smyslov wrote:

    That was also my impression. And the draft is already being edited to 
include multiple puzzles.

    Valery.
      ----- Original Message ----- 
      From: Yoav Nir 
      To: Waltermire, David A. 
      Cc: ipsec@ietf.org WG 
      Sent: Friday, February 26, 2016 8:43 AM
      Subject: Re: [IPsec] Textual changes to the DDoS draft




        On 26 Feb 2016, at 2:03 AM, Waltermire, David A. 
<david.walterm...@nist.gov> wrote:


        I haven’t seen any additional feedback on the DDoS draft this week 
based on Yoav’s note about the PR [1]. It also looks like the discussion on 
chaining puzzles has wrapped up with no changes needed to the draft [2].


      Oh. My impression of [2] was that Valery and I were in agreement that 
this change was a good idea, with Scott and Yaron supporting (not quite as 
enthusiastically) and with not opinions to the contrary. Valery and I thought 
we’d make this change over the weekend. 


      Yoav




--------------------------------------------------------------------------
      _______________________________________________
      IPsec mailing list
      IPsec@ietf.org
      https://www.ietf.org/mailman/listinfo/ipsec


     

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec


_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to