Re: OpenSSL

["Petri Helenius" <pete () he iki fi>]

Note the smiley 10 lines down. You have been had.

Pete

----- Original Message -----
From: "Matt Ryan" <Matt.Ryan () telewest co uk>
To: "'Petri Helenius'" <pete () he iki fi>; <alex () yuriev com>; <nanog () merit edu>
Sent: Tuesday, March 18, 2003 5:58 PM
Subject: RE: OpenSSL


MPLS (on its own) gives you jack-squat in terms of delay and jitter. All the
clever queuing can do it for you - but then it can for IP (because its the
same thing!).


Matt.

-----Original Message-----
From: Petri Helenius [mailto:pete () he iki fi]
Sent: 18 March 2003 15:10
To: alex () yuriev com; nanog () merit edu
Subject: Re: OpenSSL



> While the timing attack is the attack against the SSL server, it is my
> reading of the paper that the attacks' success largely depends on ability
to
> tightly control the time it takes to communicate with a service using SSL.
> Currently, such control is rather difficult to achive on links other than
> ethernet.
Doesn´t MPLS provide consistent delay and minimal jitter and thus SSL
servers connected to MPLS networks are more suspectible to attack?










:-)

Pete


------------------------------------------------------------------------------
Live Life in Broadband
www.telewest.co.uk


The information transmitted is intended only for the person or entity to which it is addressed and may contain 
confidential and/or
privileged material.
Statements and opinions expressed in this e-mail may not represent those of the company. Any review, retransmission, 
dissemination
or other use of, or taking of any action in reliance upon, this information by persons or entities other than the 
intended recipient
is prohibited. If you received this in error, please contact the sender immediately and delete the material from any 
computer.


==============================================================================