On 02/14/2012 02:56 PM, Ralph Holz wrote:
> BTW, what we do not address is an attacker sending us many forged chains
> and/or traces. We don't want clients to have to register with our server
> and obtain an identity. That's a sore point.

Aren't the certs of interest those that chain to a well-known root?
So they could be validated, and those that don't could be efficiently
discarded. At that point, the attacker is reduced to effectively doing
an SSL DoS on you which is likely to grow old quickly.
- Marsh
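
The filter suggested in the reply above, as an added example that is not part of the original thread: a submitted chain is kept only if it validates to a trusted root, using Go's `crypto/x509`. The certificates are constructed in memory, the root pool stands in for the well-known root list, and `mkCert` and `acceptChain` are hypothetical names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mkCert issues a constructed test certificate; a nil parent means self-signed.
func mkCert(cn string, isCA bool, parent *x509.Certificate, pkey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, IsCA: isCA, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
	}
	if parent == nil {
		parent, pkey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, pkey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced just above
	return cert, key
}

// acceptChain keeps a submission only if leaf validates to a trusted root via the submitted rest.
func acceptChain(roots *x509.CertPool, leaf *x509.Certificate, rest ...*x509.Certificate) bool {
	inter := x509.NewCertPool()
	for _, c := range rest {
		inter.AddCert(c) // submitted CA certs are untrusted path material only
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter})
	return err == nil
}

func main() {
	root, rk := mkCert("Trusted Root (constructed)", true, nil, nil)
	leaf, _ := mkCert("site.example", false, root, rk)
	rogue, gk := mkCert("Rogue Root (constructed)", true, nil, nil)
	forged, _ := mkCert("site.example", false, rogue, gk)
	roots := x509.NewCertPool()
	roots.AddCert(root)
	fmt.Println(acceptChain(roots, leaf), acceptChain(roots, forged, rogue))
}
```

Each rejected submission still costs the server a path build and signature checks, which is the residual load the reply refers to.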