Re: [Sip] draft-jennings-sip-hashcash-01

[Cullen Jennings <fluffy@cisco.com>]

The idea would be to have a very skewed amount of computation to help rate
limit attacks. Whatever amount of computation is "reasonable" for a valid
client to do, an attacker is going to be able to apply a lot more
computation to the problem. However, this still limits the number of
messages the attacker can do and thus raises the cost. I discuss this some
what in the SPAM draft.

This could all happen in different ways. Imagine a case where my enterprise
proxy compute the puzzles on behalf of my phone when I call another domain.
Say in a large enterprise, it has 10,000 people and during a busy hour makes
10 calls per second that are to an address external to the domain. Of these
only 2 are not whitelists. If the enterprise proxy was willing to spend say
3GHz worth of CPU at computing challenges for these 2cps, well that is a
pretty hefty amount of hash that could be required.

Another ways is perhaps all the UAC are willing to do about the amount of
hashing that 1 second of G.729 compression would take. It's hard to imagine
that most UAs (even large GWs) could not do this. This would limit the rate
of attack of a single computer to in the 100s of messages per second. This
is a lot less hashing that the example above but contrast this to what is
possible today. Today I can send in the order of 100,000 message per second.
Increasing the cost of an attack by 1000 is good. It slows it down and give
you time to trace the source and cut it off before it is everywhere. It
makes is less worth while to advertise products that a very very small
percentage of the receivers would buy.

As discussed in the SPAM draft, you would always want to use white lists
first then if the person was not on the white list fallback to something
else like this. 

Cullen


On 2/24/05 11:30 AM, "Francois Audet" <audet@nortel.com> wrote:

> We may need to explain some of the limitations of this. It seems to me that
> this mechanism would not be terribly appropriate for applications that
> aggregate a large number of clients onto a single platform. For example, this
> may be too computationally intensive for a large PSTN Gateway, or even a large
> Proxy.
>  
> Any ideas of how a UAS would make the decision to send the 419 without
> burdening the UAC? Should there be a supported/require header for this
> functionality, so that a UAC could "opt out"?
>>  
>>  
>> -----Original Message-----
>> From:  sip-bounces@ietf.org [mailto:sip-bounces@ietf.org] On Behalf Of Cullen
>> Jennings
>> Sent: Tuesday, February 22, 2005 16:46
>> To:  sip@ietf.org
>> Subject: [Sip]  draft-jennings-sip-hashcash-01
>> 
>> 
>> I updated  this draft on "SIP Computational Puzzles" so it has enough detail
>> to implement  it. (Previous version did not). It is in the drafts directory
>> and also in HTML  form at:
>> 
>> http://scm.sipfoundry.org/rep/ietf-drafts/fluffy/draft-jennings-sip-hashcash-
>> 01.html
>> 
>> Cullen
> 
> 
> _______________________________________________
> Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol
> Use sip-implementors@cs.columbia.edu for questions on current sip
> Use sipping@ietf.org for new developments on the application of sip

_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip