nanog mailing list archives

Re: OpenSSL

From: "Petri Helenius" <pete () he iki fi>
Date: Tue, 18 Mar 2003 17:09:58 +0200


While the timing attack is the attack against the SSL server, it is my
reading of the paper that the attacks' success largely depends on ability to
tightly control the time it takes to communicate with a service using SSL.
Currently, such control is rather difficult to achive on links other than
ethernet.

Doesn´t MPLS provide consistent delay and minimal jitter and thus SSL
servers connected to MPLS networks are more suspectible to attack?










:-)

Pete

Current thread:

OpenSSL Len Rose (Mar 17)
- Re: OpenSSL Scott Francis (Mar 17)
  - Re: OpenSSL Steven M. Bellovin (Mar 17)
    - Re: OpenSSL Scott Francis (Mar 17)
- <Possible follow-ups>
- Re: OpenSSL Stewart, William C (Bill), SALES (Mar 17)
- Re: OpenSSL Michael . Dillon (Mar 18)
  - Re: OpenSSL Eric Rescorla (Mar 18)
    - Re: OpenSSL alex (Mar 18)
    - Re: OpenSSL Petri Helenius (Mar 18)
    - Re: OpenSSL alex (Mar 18)
    - Re: OpenSSL Eric Rescorla (Mar 18)
- RE: OpenSSL Matt Ryan (Mar 18)
  - RE: OpenSSL alex (Mar 18)
  - Re: OpenSSL Petri Helenius (Mar 18)
- RE: OpenSSL Matt Ryan (Mar 19)