On Wed, 28 Jul 2010, Yaakov Stein wrote:

> Yes, the symmetric key stuff is now done in hardware
> but the public key part for authentication is still done in software.
> And due to interactions between the software and hardware,
> requesting authentications can slow down other existing timing flows.

What about just signing it the way it's done in DNSSEC, i.e. you have a certificate/key and each packet is signed before being sent out?

> So in principle I can mount an attack by requesting authentications using successively "harder" keys followed by successively "easier" ones, thus adding hard-to-remove wander to the other timing flows.

In a multicore multithreaded environment, is this really that huge of a problem? Also if we count in that people who are really interested in this might have a device with a separated control plane and "data plane" just like high capacity routers are done as of 10 years approximately?

--
Mikael Abrahamsson    email: [email protected]
_______________________________________________
TICTOC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tictoc
