Hi Yaron, I also think that it's more safe to verify all 4 results (that's why it's SHOULD). If nobody objects we can make it MUST for the sake of security and simplicity.
Regards, Valery. ----- Original Message ----- From: Yaron Sheffer To: Valery Smyslov ; Yoav Nir ; Waltermire, David A. Cc: ipsec@ietf.org Sent: Friday, February 26, 2016 7:32 PM Subject: Re: [IPsec] Textual changes to the DDoS draft After reading the pull request, I suggest that we require the responder to verify all 4 puzzles. Although I don't have a proof why this is better (e.g. a game theoretic cost/benefit analysis), it would remove an unnecessary design decision from implementations at a trivial cost in performance. Thanks, Yaron On 02/25/2016 09:50 PM, Valery Smyslov wrote: That was also my impression. And the draft is already being edited to include multiple puzzles. Valery. ----- Original Message ----- From: Yoav Nir To: Waltermire, David A. Cc: ipsec@ietf.org WG Sent: Friday, February 26, 2016 8:43 AM Subject: Re: [IPsec] Textual changes to the DDoS draft On 26 Feb 2016, at 2:03 AM, Waltermire, David A. <david.walterm...@nist.gov> wrote: I haven’t seen any additional feedback on the DDoS draft this week based on Yoav’s note about the PR [1]. It also looks like the discussion on chaining puzzles has wrapped up with no changes needed to the draft [2]. Oh. My impression of [2] was that Valery and I were in agreement that this change was a good idea, with Scott and Yaron supporting (not quite as enthusiastically) and with not opinions to the contrary. Valery and I thought we’d make this change over the weekend. Yoav -------------------------------------------------------------------------- _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec