Re: 'PUT' transaction reconsidered (was Re: two-phase send concerns )

In <>, you wrote, Jeff:
>The security issue here is new, and seems to have several components
>(I'm reading between the lines in your message):
>    (1) The transmission of some data that would have been rejected
>    might expose it to eavesdropping.
>    (2) The mere attempt to do a "vulnerable operation" that would
>    be rejected could cause some havoc at the server side.
>Am I missing any others?  Frankly, I don't buy either of these
>arguments; especially, as Koen points out, the 5-second timeout
>can be manipulated by an external agent (via a temporary
>denial-of-service attack) but also because we ought not to be
>pretending that security can be accomplished without encryption
>for privacy and authentication for authorization.

One additional risk is traffic analysis, as in, "Gee, EDS is sure sending a 
lot of encrypted messages to GM today".  Remember that Kocher's attack on 
RSA involves timing analysis, a form of traffic analysis.  Sending the whole 
PUT could open it up to Kocher's or a similar attack, especially if the 
object being PUT is publicly readable, as some of the data would then be 
known plaintext.

Mark Leighton Fisher, Thomson Consumer Electronics, Indianapolis, IN

Received on Friday, 29 December 1995 06:27:36 UTC