[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: namedroppers, continued

To: Dean Anderson <dean@av8.com>
Subject: Re: namedroppers, continued
From: "Steven M. Bellovin" <smb@research.att.com>
Date: Sat, 07 Dec 2002 13:15:05 -0500
Cc: "Ayyasamy, Senthilkumar (UMKC-Student)" <saq66@umkc.edu>,Fred Baker <fred@cisco.com>,"Hallam-Baker, Phillip" <pbaker@verisign.com>,dwork@almaden.ibm.com, ietf@ietf.org, namedroppers@ops.ietf.org,iesg@ietf.org

In message <Pine.LNX.4.44.0212071209090.2775-100000@commander.av8.net>, Dean An
derson writes:
>This seems clever, however, it will also take significant computational
>effort to verify the computational effort was actually done. Even if a
>class of functions are found that are "easier" to verify than to compute,
>they will no doubt still take up a significant fraction of time.

In fact, that's the easy part.  You could demand that the sender 
compute 1,000,000 HMACs of the text, the envelope, the time of day, and 
a counter.  The verifier could check 100 randomly-chosen ones -- if any 
fail, there's a forgery.  (Well, you probably wouldn't want those 
values, since 1,000,000 HMACs would be a lot of data to transmit.  But 
you get the general idea.)

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: namedroppers, continued
  - From: Dean Anderson <dean@av8.com>
- Re: namedroppers, continued
  - From: ned.freed@mrochek.com

Prev by Date: RE: namedroppers, continued
Next by Date: Re: in support of axfr-clarify
Previous by thread: RE: namedroppers, continued
Next by thread: Re: namedroppers, continued
Index(es):
- Date
- Thread