Re: Transport Layer Security (Was: Re: "Cypherpunks Write Code" as a Putdown)

[Ray Cromwell <rjc@clark.net>]

> 
> Perry writes:
> > I believe that between IPSP for the
> > links and MOSS (and SHTTP using MOSS for document security) we should
> > have the whole thing wrapped up in a couple of years. Problems still
> > to solve include security for the internet's routing protocols,
> > protection against denial of service attacks, etc.
> 
> Could someone say a bit more about the perceived difficulties associated
> with secure network routing protocols ?  TIA.
> 
> I am not at all optimistic about defeating DoS attacks....

  It seems to me that many of these attacks can be defeated by anti-spam
routines (with exponential time buildup) and economic mechanisms. That is,
you pay "credits", which can possibly be based on real money, for each
access. When you use them up, you must contact the service to request more.
Coupled with authentication, this makes DoS tough because you must request
more credits for your ID, however, if you use them up quicker than
average, you must justify why you need them again so soon.

  Anti-spam routines have been successful on IRC and MUDS against DoS. Each
"request" is measured against the time since the last request. If the time
is less than the delay, the request is denied (and with exponential
buildup, you double the delay so that even "needling" attacks where
a DoS attack finds your delay and transmits just under that, has trouble)
If the resource is disk space, or network memory buffers, or whatever, you
impose similar timing sensitive constraints.
 
  This covers most spam based DoS. 

-Ray