Re: 'PUT' transaction reconsidered (was Re: two-phase send concerns )

In <9512282109.AA06423@acetes.pa.dec.com>, you wrote, Jeff:
>The security issue here is new, and seems to have several components
>(I'm reading between the lines in your message):
>
>    (1) The transmission of some data that would have been rejected
>    might expose it to eavesdropping.
>
>    (2) The mere attempt to do a "vulnerable operation" that would
>    be rejected could cause some havoc at the server side.
>
>Am I missing any others?  Frankly, I don't buy either of these
>arguments; especially, as Koen points out, the 5-second timeout
>can be manipulated by an external agent (via a temporary
>denial-of-service attack) but also because we ought not to be
>pretending that security can be accomplished without encryption
>for privacy and authentication for authorization.

One additional risk is traffic analysis, as in, "Gee, EDS is sure sending a 
lot of encrypted messages to GM today".  Remember that Kocher's attack on 
RSA involves timing analysis, a form of traffic analysis.  Sending the whole 
PUT could open it up to Kocher's or a similar attack, especially if the 
object being PUT is publicly readable, as some of the data would then be 
known plaintext.
======================================================================
Mark Leighton Fisher                   Thomson Consumer Electronics
fisherm@indy.tce.com                   Indianapolis, IN

Received on Friday, 29 December 1995 06:27:36 UTC