- From: Bennet Yee <bsy@cs.ucsd.edu>
- Date: Mon, 05 Aug 1996 17:34:46 -0700
- To: Steve Petri <petri@litronic.com>
- cc: ietf-tls@w3.org
> Steve Petri writes: > > So it seems that the client code will come up with a (high entropy) random > number, and encrypt it with the Server's public key. Is that correct? This is the standard RSA server auth key exchange. > Is there a provision in the proposal to deny service to an account which > is being dictionary attacked directly, or will this be left up to > the implementation? Protocols only specify the messages sent over the wire. The vulnerability to dictionary attacks, unfortunately, is independent of this -- active on-line attacks, where the server is actually being probed, -can- be detected by the server implementation, but such an implementation requirement is outside the scope of a protocol standard; off-line attacks where protocol messages are eavesdropped and then used to determine the key in a separate computation, much as brute-force key searches are done with known-plaintext attacks, are completely separated from both protocol specifications as well as implementation specifications. -bsy -------- Bennet S. Yee Phone: +1 619 534 4614 Email: bsy@cs.ucsd.edu Web: http://www-cse.ucsd.edu/users/bsy/ USPS: Dept of Comp Sci and Eng, 0114, UC San Diego, La Jolla, CA 92093-0114
Received on Monday, 5 August 1996 20:35:00 UTC