On Tue, 20 Jun 2006 17:06:27 -0400, Ross Callon <rcallon@juniper.net> wrote:
At 12:12 PM 6/20/2006 -0700, Bora Akyol wrote:
The draft allows you to have a set of keys in your keychain and the implementation tries all of them before declaring the segment as invalid.
DoS against routers is of course a major concern. Using encryption has the potential of making DoS worse, in the sense that the amount of processing that a bogus packet can cause is increased by the amount of processing needed to check the authentication. If the router needs to check multiple keys in the keychain before declaring the segment as invalid, then this multiplies the effect of the DOS by the number of keys that need to be checked.
You're quite right, and the next version of the draft contains the following additional text in the Security Considerations: Having multiple keys makes CPU denial of service attacks easier. This suggests that keeping the overlap period reasonably short is a good idea. In addition, the Generalized TTL Security Mechanism <xref target="RFC3682" />, if applicable to the local topology, can help. Note that there would almost never be more than two keys in existence at any one time in any event. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb