- From: Peter Rostin <russin@rsasecurity.com>
- Date: Fri, 13 Sep 2002 09:20:02 -0700 (PDT)
- To: www-xkms@w3.org
At the last XKMS F2F meeting we discussed adding a hash of the request
to the reply to guard against man-in-the-middle attacks when the request
is unauthenticated but the reply is authenticated.
During that discussion there was a question about if RSA's IPR regarding
"Client Puzzles" could be relevant (and if that was the case, if
RSA would offer it RF or similar). See #26 in the Issues List.
I have talked to others inside RSA and as far as we understand it (though
not representing a formal legal assessment), our IPR regarding "Client
Puzzles" are NOT relevant/applicable for the suggested mechanism.
The Client Puzzles scheme ("Client Puzzles: A Cryptographic Countermeasure
against Connection Depletion Attacks", ISOC NDSS, 1999) is focused on
denial-of-service protection and therefore addresses a different sort of
requirement than that considered here.
/Russin
Received on Friday, 13 September 2002 12:20:13 UTC