[Sipping] Feedback on draft-jennings-sip-hashcash-01.txt

Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com> Fri, 04 March 2005 11:52 UTC

Message-ID: <42284B2E.1000200@ericsson.com>
Date: Fri, 04 Mar 2005 13:49:02 +0200
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
To: sipping <sipping@ietf.org>
Cc: Cullen Jennings <fluffy@cisco.com>
Subject: [Sipping] Feedback on draft-jennings-sip-hashcash-01.txt

Hi,

I just read the following draft:

http://www.ietf.org/internet-drafts/draft-jennings-sip-hashcash-01.txt

Some other protocols also use this type of puzzle to be solved by 
clients to avoid DoS attacks. I have some comments on the actual 
algorithm proposed in this draft.

To create a puzzle, the UAS needs to create a pre-image, calculate its 
hash, and set to zero the low bits of the pre-image. Given that the 
pre-image contains fields from the request (e.g., Call-ID and From tag), 
the UAS needs to create the puzzle when such a request arrives.

If my UAS is under a DoS attack, I do not want it to start consuming all 
these cycles generating puzzles (this would only make the attack worse). 
I want a puzzle that is easier to create for a UAS... of course, the UAS 
should still be able to modify the difficulty of the puzzle, as in the 
current proposal.

An alternative algorithm would consist of creating the pre-image as 
described in the draft and asking the UAC to find a string so that the 
hash of the concatenation of the string and the pre-image has n number 
of zeros as its low order bits.

hash (string pre-image) = 00000xxxxxxxxx

The higher the number of zeros, the more difficult it is for the UAC to 
solve the puzzle.

Gonzalo

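The alternative puzzle described in the message above, sketched as an added example that is not part of the original email or of the draft. SHA-256, the `|`-joined pre-image layout, the random nonce, and the Call-ID and From-tag values are assumptions constructed for illustration. The point it shows is the cost asymmetry: the UAS does no hashing to issue a challenge and one hash to check an answer, while the UAC pays roughly 2**n hashes.

```python
import hashlib
import os
from itertools import count


def low_zero_bits_ok(digest: bytes, n: int) -> bool:
    """True when the n low-order bits of the digest are all zero."""
    return int.from_bytes(digest, "big") & ((1 << n) - 1) == 0


def make_puzzle(call_id: str, from_tag: str, n: int) -> tuple[bytes, int]:
    """UAS side: assemble the pre-image and pick n; no hash is computed here."""
    nonce = os.urandom(8).hex()  # assumption: per-challenge freshness value
    pre_image = f"{call_id}|{from_tag}|{nonce}".encode()
    return pre_image, n


def solve(pre_image: bytes, n: int) -> bytes:
    """UAC side: search for a string; expected cost is about 2**n hashes."""
    for i in count():
        s = str(i).encode()
        if low_zero_bits_ok(hashlib.sha256(s + pre_image).digest(), n):
            return s


def verify(s: bytes, pre_image: bytes, n: int) -> bool:
    """UAS side: a single hash per submitted answer."""
    return low_zero_bits_ok(hashlib.sha256(s + pre_image).digest(), n)


if __name__ == "__main__":
    # Constructed sample request fields, not taken from any real trace.
    pre_image, n = make_puzzle("a84b4c76e66710@pc33.example.com", "1928301774", 16)
    answer = solve(pre_image, n)
    print("answer:", answer.decode(), "valid:", verify(answer, pre_image, n))
```
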