Re: [Sip] draft-jennings-sip-hashcash-01
Michael Thomas <mat@cisco.com> Wed, 02 March 2005 18:54 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA13745 for <sip-web-archive@ietf.org>; Wed, 2 Mar 2005 13:54:14 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1D6Z0M-0007xS-RQ for sip-web-archive@ietf.org; Wed, 02 Mar 2005 13:55:31 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1D6Yxf-0004RU-LM; Wed, 02 Mar 2005 13:52:43 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1D6Yxd-0004RP-Ji for sip@megatron.ietf.org; Wed, 02 Mar 2005 13:52:41 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA13661 for <sip@ietf.org>; Wed, 2 Mar 2005 13:52:38 -0500 (EST)
Received: from sj-iport-3-in.cisco.com ([171.71.176.72] helo=sj-iport-3.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1D6Yyq-0007v5-Ai for sip@ietf.org; Wed, 02 Mar 2005 13:53:57 -0500
Received: from sj-core-2.cisco.com (171.71.177.254) by sj-iport-3.cisco.com with ESMTP; 02 Mar 2005 12:08:24 +0000
X-BrightmailFiltered: true
X-Brightmail-Tracker: AAAAAA==
X-IronPort-AV: i="3.90,130,1107734400"; d="asc'?scan'208"; a="230802854:sNHT54528136"
Received: from imail.cisco.com (imail.cisco.com [128.107.200.91]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id j22IqQq8007305; Wed, 2 Mar 2005 10:52:26 -0800 (PST)
Received: from thomasm-lnx.cisco.com (thomasm-lnx.cisco.com [171.71.96.50]) by imail.cisco.com (8.12.11/8.12.10) with ESMTP id j22IkSu1007867; Wed, 2 Mar 2005 10:46:28 -0800
Subject: Re: [Sip] draft-jennings-sip-hashcash-01
From: Michael Thomas <mat@cisco.com>
To: Jonathan Rosenberg <jdrosen@cisco.com>
In-Reply-To: <4225924C.6030100@cisco.com>
References: <1ECE0EB50388174790F9694F77522CCF01980E18@zrc2hxm0.corp.nortel.com> <4225924C.6030100@cisco.com>
Organization: Cisco Systems
Message-Id: <1109789547.22395.2.camel@thomasm-lnx.cisco.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.6
Date: Wed, 02 Mar 2005 10:52:27 -0800
IIM-SIG: v:"1.1"; h:"imail.cisco.com"; d:"cisco.com"; z:"home"; m:"krs"; t:"1109789188.696144"; x:"432200"; a:"rsa-sha1"; b:"nofws:6912"; e:"Iw=="; n:"sQYarK2E51MdcTiUqeif3F7cWdxIfoCiXhdfb9vD5ee/j0jXL15gbFxF2p" "XIweAblu0N6XAgK7k+wrbr7bQDJaCDqOmzqpRUBjIRQAXQ7NzadpmR3pUL6wxaRUtW+c43sl9jC" "50Qg1sXHpPjt8Y+Y16ioyQAQAdSunM4YhevURc="; s:"NJGYe8IcFFUZIKhmaiVVtbtjWEekYBtQRTKVsJmTrSmzWOmC43qg/89bGrSGQHi/9KMe7BLX" "ls7SUCnI6ClQMrq+bPh8eBG/uFlsksc5FVEU+Ot4ejsFPUrf+wkGbjY/2apD3SjVcpZ2gbulXHz" "MAbnGcucwFyLxo5zGVUcsLFc="; c:"Subject: Re: [Sip] draft-jennings-sip-hashcash-01"; c:"From: Michael Thomas <mat@cisco.com>"; c:"Date: Wed, 02 Mar 2005 10:52:27 -0800"
IIM-VERIFY: s:"y"; v:"y"; r:"60"; h:"imail.cisco.com"; c:"message from imail.cisco.com verified; "
X-Spam-Score: 0.0 (/)
X-Scan-Signature: a8041eca2a724d631b098c15e9048ce9
Cc: 'Cullen Jennings' <fluffy@cisco.com>, "'sip@ietf.org'" <sip@ietf.org>, Francois Audet <audet@nortel.com>
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0590242216=="
Sender: sip-bounces@ietf.org
Errors-To: sip-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: a3f7094ccc62748c06b21fcf44c073ee
The big problem I have with hashcash is the advent of zombie armies. With them in mind, about them only thing you do is punish legitimate UA's with itsy-bitsy CPU's, and leave the spammers essentially unaffected with their near limitless CPU resources. Mike On Wed, 2005-03-02 at 02:15, Jonathan Rosenberg wrote: > Even with whitelists, I think its a fair problem to ask as to whether > one can come up with an amount of hashcash that is sufficiently > expensive to stop the rate of spam, yet cheap enough not to totally > disrupt legitimate new calls, given the disparity of endpoints. Keep in > mind we also have low end UA that run in cell phones and other things, > and these may prove even more problematic than a gateway. Unclear which > one has the least amount of CPU density, that is, the amount of CPU > power available per call. > > The most recent spam draft is kind of lukewarm on hashcash for these > reasons. > > There are some other issues that one needs to consider, ignoring the big > elephant in the corner above: > > 1. The mechanism interacts badly with forking at the moment. One problem > is HERFP. If I have a mix of endpoints, some of which support this (and > thus send a 419), and others that don't (and thus ring the phone), then > you'll end up always completing the call on the endpoints that don't > support the extension. > > 2. THe mechanism doesn't provide a way for a proxy to aggregate multiple > Puzzle headers from forked branches. It needs to do something like > WWW-Authenticate where a proxy collects these from the various 419 and > places all of them in the 419 forwarded upstream. That will also require > something akin to realm, that allows a UA/proxy to pull out its own puzzle. > > > Thanks, > Jonathan R. > > Francois Audet wrote: > > > Yeah, a white list approach might work. > > > > The practical scenario that I am thinking about is with a typical VoIP > > service provider. > > > > Today, the vast majority of calls from subscribers terminate on gateways > > (owned by the operator of the service). These calls are not to a > > specific "user" but really to a gateway, using presumably something like > > the tel-URI-in-SIP-URI approach. In this case then, the white list is > > not to a whole URI but to "something" that is related to the gateway > > itself. This is different from the IM-scenario you quote. > > > > Now, if we only have to worry about one set of gateways (like the ones > > owned by the service provider), I guess you could base the white list on > > the domain name or find some other solution. It may be more difficult > > when gateways are scattered all over the place (like in an enterprise > > for example, or a federation of enterprise, or when it terminates to > > another service provider). > > > > I believe we should make sure that we describe white list properly > > before we publish the puzzle mechanism. I have a fear that we could > > define something where the people who make the SIP end-devices have an > > incentive to do something that is good for them (i.e., limit > > vulnerability to spam) but could be very problematic for the Gateways > > (or Proxies). Somehow we have to be able to mandate a white list > > capabily (or some other mechanism). Otherwise software upgrades could > > kill the operator of the service. > > > > PS: Note that this is a recurring problem with gateways (I think certs > > has the same issue). > > > > -----Original Message----- > > *From:* Cullen Jennings [mailto:fluffy@cisco.com] > > *Sent:* Friday, February 25, 2005 08:03 > > *To:* Audet, Francois [SC100:9T51:EXCH]; sip@ietf.org > > *Subject:* Re: [Sip] draft-jennings-sip-hashcash-01 > > > > > > The idea would be to have a very skewed amount of computation to > > help rate limit attacks. Whatever amount of computation is > > "reasonable" for a valid client to do, an attacker is going to be > > able to apply a lot more computation to the problem. However, this > > still limits the number of messages the attacker can do and thus > > raises the cost. I discuss this some what in the SPAM draft. > > > > This could all happen in different ways. Imagine a case where my > > enterprise proxy compute the puzzles on behalf of my phone when I > > call another domain. Say in a large enterprise, it has 10,000 people > > and during a busy hour makes 10 calls per second that are to an > > address external to the domain. Of these only 2 are not whitelists. > > If the enterprise proxy was willing to spend say 3GHz worth of CPU > > at computing challenges for these 2cps, well that is a pretty hefty > > amount of hash that could be required. > > > > Another ways is perhaps all the UAC are willing to do about the > > amount of hashing that 1 second of G.729 compression would take. > > It's hard to imagine that most UAs (even large GWs) could not do > > this. This would limit the rate of attack of a single computer to in > > the 100s of messages per second. This is a lot less hashing that the > > example above but contrast this to what is possible today. Today I > > can send in the order of 100,000 message per second. Increasing the > > cost of an attack by 1000 is good. It slows it down and give you > > time to trace the source and cut it off before it is everywhere. It > > makes is less worth while to advertise products that a very very > > small percentage of the receivers would buy. > > > > As discussed in the SPAM draft, you would always want to use white > > lists first then if the person was not on the white list fallback to > > something else like this. > > > > Cullen > > > > > > On 2/24/05 11:30 AM, "Francois Audet" <audet@nortel.com> wrote: > > > > We may need to explain some of the limitations of this. It seems > > to me that this mechanism would not be terribly appropriate for > > applications that aggregate a large number of clients onto a > > single platform. For example, this may be too computationally > > intensive for a large PSTN Gateway, or even a large Proxy. > > > > Any ideas of how a UAS would make the decision to send the 419 > > without burdening the UAC? Should there be a supported/require > > header for this functionality, so that a UAC could "opt out"? > > > > > > > > -----Original Message----- > > *From:* sip-bounces@ietf.org [mailto:sip-bounces@ietf.org] > > *On Behalf Of *Cullen Jennings > > *Sent:* Tuesday, February 22, 2005 16:46 > > *To:* sip@ietf.org > > *Subject:* [Sip] draft-jennings-sip-hashcash-01 > > > > > > I updated this draft on "SIP Computational Puzzles" so it > > has enough detail to implement it. (Previous version did > > not). It is in the drafts directory and also in HTML form at: > > > > http://scm.sipfoundry.org/rep/ietf-drafts/fluffy/draft-jennings-sip-hashcash-01.html > > > > Cullen > > > > > > ------------------------------------------------------------------------ > > _______________________________________________ > > Sip mailing list https://www1.ietf.org/mailman/listinfo/sip > > This list is for NEW development of the core SIP Protocol > > Use sip-implementors@cs.columbia.edu for questions on current sip > > Use sipping@ietf.org for new developments on the application of sip > > > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Sip mailing list https://www1.ietf.org/mailman/listinfo/sip > > This list is for NEW development of the core SIP Protocol > > Use sip-implementors@cs.columbia.edu for questions on current sip > > Use sipping@ietf.org for new developments on the application of sip
_______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors@cs.columbia.edu for questions on current sip Use sipping@ietf.org for new developments on the application of sip
- [Sip] draft-jennings-sip-hashcash-01 Cullen Jennings
- Re: [Sip] draft-jennings-sip-hashcash-01 Dan Wing
- RE: [Sip] draft-jennings-sip-hashcash-01 Francois Audet
- Re: [Sip] draft-jennings-sip-hashcash-01 Jonathan Rosenberg
- Re: [Sip] draft-jennings-sip-hashcash-01 Dan Wing
- Re: [Sip] draft-jennings-sip-hashcash-01 Michael Thomas
- Re: [Sip] draft-jennings-sip-hashcash-01 Henning Schulzrinne
- [Sip] jennings-sip-hashcash - does it help - does… Cullen Jennings
- Re: [Sip] draft-jennings-sip-hashcash-01 Cullen Jennings
- [Sip] Re: jennings-sip-hashcash - does it help - … Michael Thomas
- Re: [Sip] draft-jennings-sip-hashcash-01 Cullen Jennings
- Re: [Sip] draft-jennings-sip-hashcash-01 Henning Schulzrinne
- [Sip] Re: jennings-sip-hashcash - does it help - … Jonathan Rosenberg
- RE: [Sip] draft-jennings-sip-hashcash-01 Francois Audet
- Re: [Sip] draft-jennings-sip-hashcash-01 Jonathan Rosenberg
- Re: [Sip] draft-jennings-sip-hashcash-01 David R Oran
- RE: [Sip] draft-jennings-sip-hashcash-01 Francois Audet
- RE: [Sip] draft-jennings-sip-hashcash-01 Francois Audet
- Re: [Sip] draft-jennings-sip-hashcash-01 Cullen Jennings