At the last XKMS F2F meeting we discussed adding a hash of the request to the reply to guard against man-in-the-middle attacks when the request is unauthenticated but the reply is authenticated. During that discussion there was a question about whether RSA's IPR regarding "Client Puzzles" could be relevant (and if that was the case, whether RSA would offer it RF or similar). See #26 in the Issues List.

I have talked to others inside RSA and as far as we understand it (though not representing a formal legal assessment), our IPR regarding "Client Puzzles" are NOT relevant/applicable for the suggested mechanism. The Client Puzzles scheme ("Client Puzzles: A Cryptographic Countermeasure against Connection Depletion Attacks", ISOC NDSS, 1999) is focused on denial-of-service protection and therefore addresses a different sort of requirement than that considered here.

/Russin

Received on Friday, 13 September 2002 12:20:13 GMT