MPLS (on its own) gives you jack-squat in terms of delay and jitter. All the clever queuing can do it for you - but then it can for IP (because it's the same thing!).

Matt.

-----Original Message-----
From: Petri Helenius [mailto:pete@he.iki.fi]
Sent: 18 March 2003 15:10
To: alex@yuriev.com; nanog@merit.edu
Subject: Re: OpenSSL

While the timing attack is the attack against the SSL server, it is my reading of the paper that the attacks' success largely depends on ability to tightly control the time it takes to communicate with a service using SSL. Currently, such control is rather difficult to achieve on links other than ethernet.

Doesn't MPLS provide consistent delay and minimal jitter and thus SSL servers connected to MPLS networks are more susceptible to attack? :-)

Pete

MPLS (on its own) gives you jack-squat in terms of delay and jitter. All the clever queuing can do it for you - but then it can for IP (because it's the same thing!).

As Eric stated in his previous message, I have not realized that his point was that even one machine that has an ethernet connection directly to the SSL-enabled service, the SSL timing attack is possible. Of course, such setup is the most common way of connecting systems with SSL-enabled services to the internet.

Alex

Note the smiley 10 lines down. You have been had.

Pete

----- Original Message -----
From: "Matt Ryan" <Matt.Ryan@telewest.co.uk>
To: "'Petri Helenius'" <pete@he.iki.fi>; <alex@yuriev.com>; <nanog@merit.edu>
Sent: Tuesday, March 18, 2003 5:58 PM
Subject: RE: OpenSSL

MPLS (on its own) gives you jack-squat in terms of delay and jitter. All the clever queuing can do it for you - but then it can for IP (because it's the same thing!).

Matt.

-----Original Message-----
From: Petri Helenius [mailto:pete@he.iki.fi]
Sent: 18 March 2003 15:10
To: alex@yuriev.com; nanog@merit.edu
Subject: Re: OpenSSL

While the timing attack is the attack against the SSL server, it is my reading of the paper that the attacks' success largely depends on ability to tightly control the time it takes to communicate with a service using SSL. Currently, such control is rather difficult to achieve on links other than ethernet.

Doesn't MPLS provide consistent delay and minimal jitter and thus SSL servers connected to MPLS networks are more susceptible to attack? :-)

Pete

participants (3): alex@yuriev.com, Matt Ryan, Petri Helenius