
Clarification regarding Client Puzzles

From: Peter Rostin <russin@rsasecurity.com>
Date: Fri, 13 Sep 2002 09:20:02 -0700 (PDT)
To: www-xkms@w3.org
Message-ID: <E7B6CB80230AD31185AD0008C7EBC4D204462089-100000@exrsa01.rsa.com>

At the last XKMS F2F meeting we discussed adding a hash of the request
to the reply to guard against man-in-the-middle attacks when the request
is unauthenticated but the reply is authenticated.

During that discussion there was a question about if RSA's IPR regarding
"Client Puzzles" could be relevant (and if that was the case, if
RSA would offer it RF or similar). See #26 in the Issues List.

I have talked to others inside RSA and as far as we understand it (though
not representing a formal legal assessment), our IPR regarding "Client
Puzzles" are NOT relevant/applicable for the suggested mechanism.

The Client Puzzles scheme ("Client Puzzles: A Cryptographic Countermeasure
against Connection Depletion Attacks", ISOC NDSS, 1999) is focused on
denial-of-service protection and therefore addresses a different sort of
requirement than that considered here.

	/Russin
Received on Friday, 13 September 2002 12:20:13 GMT
